WARNING: One Million People Downloaded Fake WhatsApp

Got an iPhone? Then don’t stress.

According to news reports, more than one million people were tricked into downloading a fake Android app that was pretending to be an update of WhatsApp.

Tsk tsk.

Available via the Play Store – and it’s still there – the app was called “Update WhatsApp”:

However, after its illegitimacy was flagged by Reddit users (obviously), the apps’ name changed to “Dual Whatsweb Update” and its icon was also switched, reportsMotherboard.

The goal? Well, unlike many fake apps of this kind, its purpose was to create revenue through ad views:

Nikolaos Chrysaidos, a security researcher at anti-virus company Avast, has spotted a few similarly malicious apps, such as a fake Facebook Messenger app that he said was downloaded 10 million times.

You see, other fake apps that use the same technique to get downloaded are used to hack victims:

This is not the first time someone tries to deceive Android users with fake, malicious apps. The Google Play Store has long been mired by these kind of apps. But based on the number of downloads, this fake WhatsApp app is one of the most successful ever.

“Wow that *is* a lot….jeez!” Stephen Ridley, a security researcher who was one of the co-authors of the Android Hacker’s Handbook, told in a Twitter direct message.

“These things are not getting enough scrutiny […] why wouldn’t an app that has a huge number of downloads receive a little additional security scrutiny,” Ridley added in a subsequent phone call.

Just take a look at the amount of WhatsApp-branded apps that have got past Google’s curation:

Shocking. Android users, be careful out there.

Or, make things easier and just get yourself an iPhone.