Scam Alert: Don’t Click! ‘WhatsApp Color Change’ Link On WhatsApp Is A Malware or Adware

WhatsApp is one of the most popular chat messaging applications in the world and this is probably why a new adware uses the app’s name as a decoy to fool users into installing unwanted browser extensions and suggesting it to their friends as well.

If you come across a website that offers you WhatsApp in different colours, you might want to read on. It all starts with use of a fake URL as instead of directing users to WhatsApp’s official website, the adware directs users to a different domain, which makes use of characters from Cyrillic alphabet, as pointed out in a report by The Next Web.

It has been doing multiple rounds on the social media now and also on WhatsApp, where it originally originated.

There are several other such malicious links available on the internet which tricks users with such appealing features and lure them to install malware on their devices. Though such links don’t spread on such a wide basis, as most of them are short-lived and soon get taken down by cyber security controllers.

This color changing link came out to be an exception and it got viral in a fortnight. They claim to change the color of your WhatsApp, though when you click, it only installs an unknown adware on your device.

Though when you finally share the link with your contacts and groups, their next pop up shows a message, which says that the different color can only be used on a computer, where your device needs to have Chrome as your browser and you should add the required extension.

Followings  are some sample for “New Colors for WhatsApp Function” Fake Message or Scam

How the “New Colors for WhatsApp Function” Scam Works

Whatsapp user gets the following message saying WhatsApp is now available with different colors:

“I love the new colors for WhatsApp hxxp://шһатѕарр.com/?colors.”

If the link or button in the fake message is clicked, WhatsApp users will be taken to the fake and malicious website at hxxp://шһатѕарр.com/?colors, which actually goes to this malicious website: hxxp:// users will then ask to share the link with multiple groups for human verification.

Once WhatsApp users have done sharing, they will be asked to install adware apps. After they have installed the adware the website says the WhatsApp color is available only in WhatsApp web and then ask them to install a malicious Chrome extension located in the Google Chrome Store:

  • hxxps:// blackwhats/apkecfhccjhdmicfliebkdekbkoioiaj

Once the malicious extension or adware is installed, the infected devices will start displaying annoying or malicious advertisements.

WhatsApp users should never install an upgrade or features if they are asked to share before they can do so. This is how cybercriminals trick potential victims into spreading the malware to other users. And, there is no need to click on a link to install a new feature of Whatsapp because WhatsApp will automatically update itself or will let you know when a new feature is available. Therefore, avoid messages that ask to install WhatsApp features.

What we can learn from this is that it is very important to be aware and not fall for such cheap trick or scam. It is better to first analyze the message before clicking on any suspicious link. Further, WhatsApp might not be able to stop such messages from circulating by itself but users should try to avoid these kinds of situations by being aware.


Sources:  OnlineThreadAlerts, Trak


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s