Hello, welcome to the Tuesday, November 7th, 2017 edition of the Sandcent Storm Center's Stormcast. My name is Johannes Ulrich,

and I'm recording from Jacksonville, Florida. And you're probably familiar with WhatsApp Messenger,

a very popular instant messenger application. Well, if you downloaded it recently from the

Google Play Store, be aware that you may have downloaded actually a fake version. Apparently,

someone managed to upload an application into the Google Play Store called Update WhatsApp

Messenger. This is luckily not too malicious.

It's really more an adware, spam application.

And in order to trick the user into believing that this is a genuine WhatsApp application,

they did use an developer name called WhatsApp Inc, followed by a space character

in Unicode. So this way it actually showed up as a different developer than the original

WhatsApp Inc, but it does look just like the original and is very difficult.

This application apparently was downloaded over a million times before Google removed it.

In general, this is a very common trick that in particular,

spammers are trying to impersonate popular apps like this.

In this case, in particular due to the Unicode space at the end of the developer name,

it was pretty difficult for someone to distinguish the valid and the invalid application.

And if you are familiar with anime, you may have heard of crunchyroll.com,

a website that features various anime movies.

If you visit the site this weekend and were redirected to a crunchy viewer.exe, then please

read Crunchyroll's blog post because you are probably infected with malware.

Crunchyroll.com uses Cloudflare like many sites in order to protect itself from denial of service

and also reduce the bandwidth with requirements of running the site. Well, apparently someone managed to break into Crunchy Roles Cloudflare account and used it

...