Users found in the network fake website of the popular messenger “chatarra” that offers to download the dark design of the interface. In fact, the resource redirects the user to a website with advertising.
The creators of fake website made use of the letter “W” of the Cyrillic alphabet. Symbols are similar to Latin, designed to give a resemblance to whatsapp.com and enter confusing to the user.
Before you download dark interface for messenger the user is prompted to share the site on social networks. Friends will receive a link to a fake resource with the caption “I love the new colors in WhatsApp”.
After fulfilling the conditions fake website the user is redirected to the page in the Chrome Web Store to download advertising applications BlackWhats. The extension, which has already installed more than 18,000 people, has an average rating of four points. Although it received a high rating text reviews left only three people.
Currently there is no information about what BlackWhats shows any malicious activity. Apparently, talking about advertising.
Not the first time scammers use characters from other languages and Unicode in domain names. Informed thus google.com turned in ɢoogle.com and at the end of April 2017 Chinese researcher Sudan Zheng (Zheng Xudong) warned that the browsers Chrome, Firefox and Opera are vulnerable to virtually undetectable phishing attacks by which attackers can register fake domains that are virtually indistinguishable from the real resources of Apple, Google, eBay, Amazon and many other companies.
