In the world of the open source software, anything can happen, especially in Android where more than 1 million users ended up downloading a ‘stunt double’ of social media app WhatsApp from the Google Play Store. Over the years cybercriminals have used various platforms which are extensively used by users to spread their hoax, malware and other viruses. This time the hackers used Android’s Google Play Store where they placed a fake version of the most used messaging app WhatsApp which triggered a whopping one million downloads.  According to Hackernews, the Dubbed Update WhatsApp Messenger came from an app developer who pretended to be the actual WhatsApp service with the developer title “WhatsApp Inc.”— the same title the actual WhatsApp messenger users on Google Play.

Along with the number games which brought more than a million downloads, it will be more intriguing to know that how the sneaky hackers were able to breach the security of WhatsApp. The fake app makers, who named the app as Update WhatsApp Messenger were able to use the same title of the Facebook-owned application through a Unicode character space. The fake app makers cunningly placed a Unicode character space after the original WhatsApp Inc. name which will be read as WhatsApp+Inc%C2%A0. With the placement of Unicode character or the hidden character space, users won’t be able to recognize the difference between the phoney app and the original one in one go. An average Android user will only search for app updates and will then quickly hit the download button if it is coming from an officially licensed source.

Only by the hidden character space, the phoney app makers were able to blend their app with the authentic WhatsApp as the title used by the sneaky developers and real text messaging app were same in appearance.The major spooky blunder was first spotted by the Redditors, who revealed that the app was not messaging app as the fake app only directed Android users with random advertisements in order to increase the downloads of other apps.