Beware This Ransomware Disguised as WhatsApp Webpage

With attention being focused solely on the WannaCry ransomware outbreak that happened over the weekend, it can be easy to lose track of the fact that the notorious hackers are still resorting to smaller attempts to compromise a user’s device. Case in point, there appears to be a fake Whatsapp link circulating around the internet.

The link in question looks like this:

whatsapp in cyrillic

And it may appear legit to those who merely give a cursory glance at the link. However, those who look closer at the link will notice that the word "WhatsApp" is written in Cyrillic instead of the English alphabet.

change whatsapp colour

By clicking on the link, the user would be transported to a website that appears to promote colored themes for WhatsApp. Upon visiting the site, the website would prompt the user to share the site via their social media account or directly to friends in order to verify them.

Finally, the website would then ask the user to install an adware disguised as a Google Chrome extension to their browser.

fake google extension

For the most part, the danger that comes with this malware has mostly been neutralized by Google, as the WhatsApp link in question has since been flagged as dangerous, and the malicious extension has since been removed.

Nevertheless, it may be wise to remain vigilant with regards to the links you click. According to a post on Reddit, a Twitter handle has been spotted tweeting out similar Cyrillic-based links of other popular social network services.

attacking other social media platform

In short, pay close attention to the links that you click as some of them may not seem so innocent upon closer inspection.