In an effort to trick Android users, the fake app was originally called “Update WhatsApp” and was available in the Google Play store until very recently. The developer changed the app’s name to “Dual Whatsweb Update” but it has since been removed from the Google store — but not before plenty of people were duped by the fraudulent “update”.

According to Reddit users who first sounded the alarm, the fake app spammed those who installed it with advertisements to download other apps.

This isn’t the first time Google’s Play Store has been infiltrated by dodgy apps — far from it.

Earlier this month a security researcher at antivirus company Avast, Nikolaos Chrysaidos, claimed to have uncovered a fake Facebook Messenger app (complete with fake reviews) that he said was installed 10 million times.

In fact, as some users have pointed out, a search for WhatsApp in the Google Play store shows a number of spoof apps.

According to Hacker News, the latest fake WhatsApp was nearly indistinguishable from the real thing thanks to an invisible space placed at the end of the developer’s name.

Compared to Apple which has a hugely more vigorous screening process for its app store, Google has drawn criticism for failing to protect Android users from dodgy apps like this.

“These things are not getting enough scrutiny ... why wouldn’t an app that has a huge number of downloads receive a little additional security scrutiny,” cyber security expert Stephen Ridley told Motherboard, referring to the latest WhatsApp fraud.

In this case, people who got fooled didn’t suffer anything worse than being bombarded with pop-ups because the app’s goal was merely to create advertising revenue. But hackers can use such techniques for more nefarious purposes like spreading malware to your device.

Originally published as A million users were reportedly tricked into downloading fake WhatsApp update