According to a Reddit report on November 4, security researcher Dexter Genius recently found that hackers had used the official Google Play store as a repository for malware, deploying a fake WhatsApp app there. So far, more than 1 million Android users have downloaded it. Researchers say this appears to be another example of Google's automated detection system failing.



On the left are fake WhatsApp apps and on the right are legitimate WhatsApp apps

When researchers decompiled the fake app, they discovered it was an ad-loading wrapper that included code to download another Android app package (APK). Notably, the second, related malicious app tries to hide itself: it has no name and uses a blank icon.



The investigation revealed that the fake app appeared to have been published by the legitimate WhatsApp company, but a closer look showed that the developers had added two bytes (0xC2 0xA0) to the end of the name, which form a hidden space. The most incredible thing, however, is that the hackers' app was able to bypass Google's security checks and infect more than a million devices.
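A check for this trick, as an added example that is not part of the original report: 0xC2 0xA0 is the UTF-8 encoding of U+00A0 (NO-BREAK SPACE), so a byte-for-byte comparison sees a different publisher while a reader sees the same one. The protected name "WhatsApp Inc." and the function names below are assumptions made for illustration, and the check also covers other invisible characters beyond the one in the report.

```python
import unicodedata

# Constructed allow-list of publisher names to protect (assumption, not from the report).
PROTECTED_PUBLISHERS = ["WhatsApp Inc."]


def hidden_chars(name: str):
    """List (index, code point, Unicode name) of characters that render blank or not at all."""
    hits = []
    for i, ch in enumerate(name):
        cat = unicodedata.category(ch)
        # Zs: space separators (ASCII space is allowed); Cf: zero-width/format; Cc: control.
        if (cat == "Zs" and ch != " ") or cat in ("Cf", "Cc"):
            hits.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))
    return hits


def skeleton(name: str) -> str:
    """Comparison form: NFKC (maps U+00A0 to a plain space), drop format
    characters, collapse and trim whitespace, then casefold."""
    norm = unicodedata.normalize("NFKC", name)
    norm = "".join(c for c in norm if unicodedata.category(c) != "Cf")
    return " ".join(norm.split()).casefold()


def check_publisher(raw: bytes) -> dict:
    """Flag a publisher name that differs in bytes from a protected name
    but is identical to it once invisible differences are removed."""
    name = raw.decode("utf-8")  # invalid UTF-8 raises and should be rejected upstream
    for legit in PROTECTED_PUBLISHERS:
        if name != legit and skeleton(name) == skeleton(legit):
            return {"verdict": "impersonation", "imitates": legit,
                    "hidden": hidden_chars(name)}
    return {"verdict": "ok", "imitates": None, "hidden": hidden_chars(name)}


if __name__ == "__main__":
    # Constructed sample: the protected name followed by the two bytes from the report.
    sample = b"WhatsApp Inc." + b"\xc2\xa0"
    print(check_publisher(sample))
```

Any non-empty `hidden` list is worth a manual look even when the verdict is `ok`, since a publisher name has no legitimate need for control or zero-width characters.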



The fake app has been removed from Google's official app store. Despite Google's efforts, the automated detection system it has deployed on the store still doesn't work, according to the company.

* Reprinted from HackerNews; original address: http://hackernews.cc/archives/16498

