Users who visit the bad link are promised the ability to install a version of the WhatsApp app in different colors. Instead, those who follow the instructions end up installing adware on their computer.
If you’re not paying much attention, the link looks completely legit: шһатѕарр.com
However, after looking closer you can see the characters seem off. As TNW pointed out, the bad link contains characters from the Cyrillic alphabet.
This technique has been used to trick users of services like PayPal in the past.
Although, unlike the PayPal site, the red flags begin waving the moment you visit the bad WhatsApp page. To start, visitors are instantly redirected to a completely different website.
The first thing you’re asked to do when visiting the site is to share it to your social media accounts or directly to friends as a form of verification, then you’re instructed to install a Google Chrome extension on your computer. That extension is where things go bad, as it’s reportedly adware.
In short, double-check the URLs you visit. Take a quick glance at the address bar after opening the bad link and you won’t see any reference to WhatsApp. The same goes for clicking links in emails, even when the sender seems legitimate.
Perhaps more importantly, don’t install random apps or extensions without first verifying the true source.