WhatsApp Pink is a virus, not an app makeover — what to do if you get a link

WhatsApp pink scam
(Image credit: Rajesh Rajaharia/Twitter)

A new WhatsApp scam promises a pink makeover for the app on Android, but don't be tempted to download it: It's actually malware that can steal your data. 

Internet security researcher Rajshekhar Rajaharia flagged up the scam on Twitter, warning users not to be taken in by its promise to change WhatsApp's green theme to pink. What's more, the scam presents itself as an official update — so if you see the APK download link that's being spread in WhatsApp groups, do not click on it.

Rajaharia warns that hitting the link could give hackers access to your device, as well as spreading to your contacts via messages. He adds that the malware -- technically a Trojan, or malware posing as benign software so the user is tricked into installing it -- seems to be contained to just Android devices, so iOS WhatsApp users don't need to worry. 

Of course, if you've already been had, it's not the end of the world. It's time for damage control, and Rajaharia outlines the next steps you need to take. 

First, uninstall WhatsApp Pink. Next, unlink all WhatsApp Web devices, then head into your settings and clear your browser cache. After that, check permissions for all of your apps. If you spot anything suspect here, you can revoke permissions as you see fit. 

To avoid scams like this in the future, it's best not to install any APK or apps that aren't the official versions from your platform's respective app stores. 

Make sure that no apps or processes other than the official Google Play Store app can install software on your Android device. Go into Settings > Apps & Notifications > Special App Access > Install Unknown Apps and check to make sure that "Not Allowed" is under all the apps listed.

Jiten Jain, director of cybersecurity firm Voyager Infosec, told Outlook India:

"Such malicious apps can be used to compromise your phone and steal personal data like photos, SMS, contacts etc. Keyboard based malwares can be used to track everything you type. It can be used to capture and steal banking passwords. The current case of Pink WhatsApp or WhatsApp Gold is also a case of malware impersonating as fake WhatsApp feature apps."

A WhatsApp spokesperson told the outlet: "Anyone can get an unusual, uncharacteristic or suspicious message on any service, including email, and anytime that happens we strongly encourage everyone to use caution before responding or engaging. On WhatsApp in particular, we also recommend that people use the tools that we provide within the app to send us a report, report a contact or block contact."

Shabana Arif

Shabana is T3's News Editor covering tech and gaming, and has been writing about video games for almost a decade (and playing them since forever). As well as contributing to Tom's Guide, she's had bylines at major gaming sites during her freelance career before settling down at T3, and has podcasts, streaming, and video content under her belt to boot. Outside of work, she also plays video games and should really think about expanding her hobbies.