Malware Popups on WhatsApp
Links shared via WhatsApp — often from compromised contacts — lead to browser pages displaying fake virus alerts designed to panic users into calling fraudulent support lines or downloading malicious files.
Part of: Malware Popups
Last reviewed: 1 June 2026
WhatsApp's end-to-end encryption means link previews cannot be pre-scanned for malicious content before reaching the recipient. Fraudsters exploit this by sending malicious links through compromised accounts — making them appear to come from known contacts — or via group chats where a single compromised member distributes the link to the entire group.
Because the link appears to come from a known contact or in a trusted family or community group, victims are more likely to click it without the scepticism they might apply to an unknown email attachment.
How this scam works on WhatsApp
A WhatsApp message from a contact or group shares what appears to be a news article, discount offer, or video. Clicking the link opens a browser page that immediately triggers a full-screen security alert claiming the device has been infected. The alert displays a countdown timer and a support number to call or a button to download a 'cleaning tool'.
Users who call the number are directed by a scammer posing as a tech support agent, who walks them through granting remote access to their device. Users who download the 'cleaning tool' install malware that operates silently in the background.
The original WhatsApp account from which the link was sent was typically compromised through a prior account-takeover scam, meaning the victim's own contact may not be aware their account is being used to distribute malicious content.
Common red flags
- WhatsApp link from a known contact that opens a browser security alert
- Alert claiming your device is infected with a countdown timer
- Phone number or download button on the alert page as the only resolution option
- Message forwarded many times, indicated by WhatsApp's 'Frequently forwarded' label
- Link that is only a short URL with no visible indication of the destination
- Contact who seems unaware of the message when you ask about it — their account may be compromised
How to protect yourself
- Force-quit your browser immediately if a security alert popup appears after clicking a WhatsApp link
- Never call a phone number displayed in a browser alert
- Alert any contact from whom you received a suspicious link — their account may be compromised
- Avoid clicking shortened or unfamiliar URLs in WhatsApp messages, even from known contacts
- Use WhatsApp's 'Report' function to flag suspicious messages
- Keep your device's operating system and apps updated to reduce malware vulnerability
How to report it
- Report the message within WhatsApp using the 'Report' function
- Contact the sender via another channel to let them know their account may be compromised
- Submit the malicious URL to your national cybersecurity reporting service
Frequently asked questions
If the malware popup appeared but I closed the browser without clicking anything, am I safe?
In most cases, closing the browser before clicking any button or downloading anything means your device has not been compromised. However, some pages use drive-by download techniques on unpatched browsers. Run a trusted security scan as a precaution and keep your browser and operating system up to date.