Phony Application to Supposedly Update WhatsApp Downloaded
A phony application to supposedly update WhatsApp whose publisher is WhatsApp Inc. and which was among the listed apps on Google's Play Store was recently downloaded more than 1m times. Furthermore, the phony application delivered malicious software via an ad propagating one application belonging to Play named "Cold Jewel Lines." By executing fraudulent as clicks with the application, the latter's creator thus was able to reap revenue.
Following installation of the app, which has malware purposed with making its creator rich via several fake ad banners, knowledge about the end-user gets done to the app which displays so-called servers expected to let the update. Startlr.com posted this on the Web dated November 27, 2017.
Two chief issues are related to the app; besides the most natural viz. it delivers certain obscene volume of ads targeted for the end-user devoid of really making WhatsApp up to date on his phone.
One issue relates to directly criticizing Google Play Store viz. no app should manage getting published with the identical name like the authorized one. By merely appending a white-space to the application name it did enough in duping Play Store's fundamental security design.
The other issue relates to the app's real name which itself is dubious. An app which is named "Update WhatsApp Messenger" shouldn't ever been allowed passing the screening procedure to let any app get a place on Play Store, no matter whether the procedure is very lenient towards making the allowance. What's more, the phony update app of WhatsApp package name 'whyuas.fullversion.update2017' indicates no connection with WhatsApp whatsoever.
Apparently, the app first connects the end-user with the "Cold Jewel Lines" app in Play that harbors malware which Zimperium security researchers detected. Following this connection, the end-user again faces the phony app that shows a couple of download servers.
Whenever the end-user taps, one fresh advertisement is served and it deliberately makes him do the taps accidentally. In addition to that, the app never connects the end-user with any update page of WhatsApp. This app contains the least number of permissions, with just a single permission for network requested.
» SPAMfighter News - 12/1/2017