Around a million Android clients were tricked into downloading a phony form of the well-known messaging application WhatsApp claiming to be the official one.  The application was called “Update WhatsApp” accessible on official Google Play Store.

WhatsApp Messenger is a freeware and cross-platform texting administration for smart phones.  It utilizes the Internet to make voice calls, video calls; send instant messages, pictures, GIF, recordings, archives, client area, sound documents, telephone contacts and voice notes utilizing standard cell numbers.

This, however, is not the first time when assailants have utilized the widespread application for vindictive purposes.  WhatsApp Gold and WhatsApp saving money have previously effectively tricked users which successfully infected Android gadgets to steal sensitive information.

With respect to Google Play Store’s security, the Store is presently home to vast amounts of malware contaminated programs and fraud applications focusing on unwary users.

The Google cached page from the store indicates Update WhatsApp had 1,000,000 to 5,000,000 downloads while clients objected that the application is phony and spamming their gadgets with promotions.

In spite of the fact that the application has been expelled from the Play store roster, it is yet to determine if it infected clients with malware or just created promotions through spam.  The app, nonetheless, demonstrates that Android clients were unwary while downloading an application.


Furthermore, the legitimate WhatsApp application itself was used by scammers to promote a new scheme in which attackers are conveying counterfeit Marks and Spencer, Tesco and ASDA vouchers, an online shopping website, on WhatsApp.  The trick reveals to WhatsApp clients that, to observe Asda’s 68 commemoration, the retailer is putting forth everybody a free £250 voucher.

Users should simply tap on a link and fill in points of interest.  There are two indications the trick is phony: the spelling and sentence structure is disorganized and that the provided URL said in the offer does not actually exist on Asda.

In light of the foregoing events concerning WhatsApp, Indonesia announced that it will summon officials which could inform app administrations and web search tools, including Google, to strictly scan malicious code content on messaging apps.  Indonesia has specifically mentioned WhatsApp to be probably banned in their country.

Google, although it is evident they can actually exert more efforts to screen app developers, cannot be entirely blamed for the continuously growing roster of malware-embedded applications.  These malicious programs prosper because of lack of user awareness.  Differentiating a legitimate app from a malicious one is apparently simple.  There are obvious indicators such as the developer’s name, the name of the application, the comments and reviews, and other simple details that could easily identify which apps should be avoided.

Users which have installed the malicious Update WhatsApp are strongly advised to immediately uninstall the app.


Manny Cuevas

My name is Manny Cuevas a Security Researcher / Engineer for about 15 years that focuses on Web and Mobile applications and other platforms from the Island of Sulu, Philippines. I’m also a scientist, inventor and a top ranked hacker in the world that bypass all security systems.


Leave a Reply

Your email address will not be published. Required fields are marked *