Fighting app install fraud

More than a million people have been tricked into downloading a fraudulent version of WhatsApp.

Titled “Update WhatsApp Messenger”, the app appeared completely genuine. Instead it flooded users with ads and persuaded them to install other programs.

User-enabled

App fraud cases are growing because they are increasingly simple to fake. Update WhatsApp Messenger used the official WhatsApp logo, appeared to have been developed by WhatsApp Inc. – the creators of the official app – and had a user rating of 4.2 stars.

To achieve this, scammers added an invisible Unicode space character to the end of the app’s name, which read as “WhatsApp+Inc%C2%A0”. This disguised it as a credible WhatsApp app. It further concealed its presence on devices by using a blank icon that could not be seen in the Apps screen after installation.
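In the string quoted above, %C2%A0 is the URL-encoded UTF-8 form of U+00A0 (no-break space). The following is an added example, not part of the original article, of how a reviewer could flag such lookalike publisher names; the PROTECTED allowlist, the function names and all sample inputs other than “WhatsApp+Inc%C2%A0” are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import unquote_plus

# Assumption: hypothetical allowlist of publisher names worth protecting.
PROTECTED = {"WhatsApp Inc."}

def suspicious_chars(name):
    """List (index, code point, Unicode name) for every character that renders
    as blank or as nothing at all but is not a plain ASCII space."""
    hits = []
    for i, ch in enumerate(name):
        # Zs/Zl/Zp = separators (U+00A0 ...), Cf = format (U+200B ...), Cc = controls
        if ch != " " and unicodedata.category(ch) in ("Zs", "Zl", "Zp", "Cf", "Cc"):
            hits.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))
    return hits

def skeleton(name):
    """Comparison form: NFKC-fold, drop format/control characters, collapse
    whitespace, ignore case and trailing full stops."""
    folded = unicodedata.normalize("NFKC", name)
    kept = "".join(c for c in folded if unicodedata.category(c) not in ("Cf", "Cc"))
    return " ".join(kept.split()).casefold().rstrip(".")

def check_publisher(encoded):
    """Classify a URL-encoded publisher name as 'exact', 'lookalike' or
    'unrelated', and report any invisible characters it contains."""
    raw = unquote_plus(encoded)
    for genuine in PROTECTED:
        if raw == genuine:
            return "exact", []
        if skeleton(raw) == skeleton(genuine):
            return "lookalike", suspicious_chars(raw)
    return "unrelated", suspicious_chars(raw)

if __name__ == "__main__":
    samples = [
        "WhatsApp+Inc%C2%A0",       # string quoted in the article
        "WhatsApp+Inc.",            # constructed: the genuine name
        "WhatsApp%E2%80%8B+Inc.",   # constructed: zero-width space inside the name
        "Example+Games",            # constructed: unrelated publisher
    ]
    for s in samples:
        print(s, "->", check_publisher(s))
```

A name that only matches a protected publisher after this folding is a candidate for manual review, not proof of fraud.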

While the scammers used the app only to make money through fraudulent advertising, the technique can be used to distribute harmful malware or steal consumer data.

Deceptively simple

Because of the openness of the Google Play Store, fraudsters have greater freedom to publish fake apps there than on other platforms. Often these apps cost money while offering no service – an infamous case being Virus Shield. This app charged $4 to provide antivirus protection for Android smartphones, yet did nothing. The developers made $40,000 before the scam was taken down.

Fraudsters also capitalise on consumer desires for holiday bargains, especially around Christmas. Adverts often offer a 25 per cent discount when mobile users download an app, but some are fraudulent. These apps gain access to an online account with a retailer and from there can use a saved credit card to make purchases.

Rising costs

App install fraud is a $300 million industry. Part of the problem is that fraudsters are developing new ways to evade Google’s blocking of fake and malicious apps on the Play Store. More than 80 per cent of fraudulent installs can now artificially generate app activity, in which the app signals to Google’s anti-fraud systems that it is working as intended.

The highest app install rates currently are in Saudi Arabia (15.8 per cent), India (7.8 per cent) and the US (6.5 per cent).

Fighting back

Scammers are becoming increasingly experienced at mimicking the behaviour of real users to game the system. Often fraudulent activity is intermixed with legitimate activities, making anti-fraud solutions that rely solely on blacklists ineffective.

Users also should be aware of app install fraud, asking:

  • Is this holiday deal from a legitimate source?
  • Is this website protected by online security measures?
  • Could the app possibly be fake?

Photo Editorial credit: Alex Ruhl / Shutterstock.com
