If your friends send you this WhatsApp link, don't click it

WhatsApp users, pay attention to the links you open.

Jason Cipriani
Jason Cipriani
Jason Cipriani Contributing Writer, ZDNet
Jason Cipriani is based out of beautiful Colorado and has been covering mobile technology news and reviewing the latest gadgets for the last six years. His work can also be found on sister site CNET in the How To section, as well as across several more online publications.
Jason Cipriani
Watch this: 11 WhatsApp features you might not know

As first reported by The Next Web, a member of Reddit discovered a malicious WhatsApp link is being shared across social media and between WhatsApp users.

Users who visit the bad link are promised the ability to install a version of the WhatsApp app in different colors. Instead, those who follow the instructions end up installing adware on their computer.

If you're not paying much attention, the link looks completely legit: шһатѕарр.com

However, after looking closer you can see the characters seem off. As TNW pointed out, the bad link contains characters from the Cyrillic alphabet.

This technique has been used to trick users of services like PayPal in the past.


Whatever you do, do not install this extension.

Jason Cipriani/CNET

Although, unlike the PayPal site, the red flags begin waving the moment you visit the bad WhatsApp page. To start, visitors are instantly redirected to a completely different website.

The first thing you're asked to do when visiting the site is to share it to your social media accounts or directly to friends as a form of verification, then you're instructed to install a Google Chrome extension on your computer. That extension is where things go bad, as it's reportedly adware.

In short, double-check the URLs you visit. Take a quick glance at the address bar after opening the bad link and you won't see any reference to WhatsApp. The same goes for clicking links in emails, even when the sender seems legitimate.

Perhaps more importantly, don't install random apps or extensions without first verifying the true source.