An Extremely Convincing WhatsApp Fake Was Downloaded More Than 1 Million Times From Google Play

Found on Fortune on Sunday, 05 November 2017

According to Hacker News, the fake WhatsApp was nearly indistinguishable from the real thing thanks to an invisible space placed at the end of the developer’s name.

A search for “WhatsApp” on Google Play currently shows no fewer than seven spoof apps using slight variations on the developer name “WhatsApp Inc.”, including versions with extra spaces, asterisks, or commas.

In prior incidents, security experts or unlucky users have encountered malware in compromised messaging apps, in a line of popular children’s games, and even in fake versions of Pokemon Go.

Why would you allow whitespace at the end of a string anyway? That's just bad input validation.
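The developer-name spoofing described above (a trailing invisible space, extra spaces, asterisks, commas) can be caught at submission time. The following is an added example, not code from the article or from Google Play; the protected-name list, the function names and the sample submissions are constructed for illustration.

```python
import unicodedata

# Constructed list of protected publisher names (assumption, not store data).
PROTECTED = {"WhatsApp Inc."}


def skeleton(name: str) -> str:
    """Reduce a display name to a comparison key.

    NFKC folds compatibility forms (NBSP U+00A0 becomes a plain space), then
    only letters and digits are kept, so whitespace, invisible format
    characters, asterisks, commas and periods no longer make a difference.
    """
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded if unicodedata.category(ch)[0] in "LN")


PROTECTED_KEYS = {skeleton(p): p for p in PROTECTED}


def check_developer_name(name: str) -> tuple[bool, str]:
    """Return (accepted, reason) for a submitted developer name.

    Exact-name uniqueness is assumed to be enforced elsewhere; this check
    only rejects names that differ from a protected name in ways a user
    cannot see or is unlikely to notice.
    """
    if name != name.strip():  # str.strip() also removes Unicode spaces
        return False, "leading or trailing whitespace"
    hidden = [
        ch for ch in name
        if unicodedata.category(ch) in ("Cf", "Cc", "Zl", "Zp")
        or (unicodedata.category(ch) == "Zs" and ch != " ")
    ]
    if hidden:
        codes = ", ".join(f"U+{ord(ch):04X}" for ch in hidden)
        return False, f"invisible or non-ASCII space character: {codes}"
    target = PROTECTED_KEYS.get(skeleton(name))
    if target is not None and name != target:
        return False, f"lookalike of protected name {target!r}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample submissions.
    for sample in ["WhatsApp Inc.", "WhatsApp Inc.\u00a0", "WhatsApp Inc.\u200b",
                   "WhatsApp, Inc.", "WhatsApp  Inc.*", "Example Apps Ltd"]:
        print(repr(sample), check_developer_name(sample))
```

Stripping whitespace alone would only stop the trailing-space variant; the skeleton comparison is what catches the comma, asterisk and double-space variants.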