Next time someone links you to whatsapp.com, make sure you take a second look. There’s some adware currently circulating around the web by tricking users to visit a ‘шһатѕарр.com’ domain instead. Yes, those are different URLs – the fake URL uses characters from the Cyrillic alphabet.
As spotted by redditor u/yuexist, the site promises to let you install WhatsApp in different colors – I mean, everyone likes color options, right? If you visit the link, you’re asked to share the site with your friends for ‘verification.’ Your friends then receive a message saying “I love the new colors for whatsapp’ along with the fake URL.
Once you’ve ‘verified’ yourself, you’re then told that WhatsApp’s colors can only be accessed on a desktop, and are asked to install an extension from the real Chrome Web Store called BlackWhats (still, click at your own risk).
All this should send about 27,531 red flags to anyone remotely tech savvy, but there are plenty of WhatsApp users who don’t spend their time on tech blogs and might fall for it – the fake URL is certainly convincing enough at first glance. The extension itself has over 16,000 users and a 4 star rating from 55 ratings, though there are only 3 text reviews – it’s hard to tell if these ratings are somehow fake.
We’ve reached out to Google to alert them about the adware. And as always, make sure to double check URLs on any unexpected links you may receive.
Update: Google has removed this extension from the Chrome Web Store. Good riddance.