WhatsApp, doc?
We recently observed about 800 lookalike domains impersonating WhatsApp. These domains are all on the .com, .cc, and .cn TLDs and exhibit a few naming patterns:
Randomized short .cc domains:
- whatsqgs[.]cc, whatsqka[.]cc, whatsqys[.]cc
Structured .com domains:
- app-<3 letters>-whatshktw[.]com
- app-<3 letters>-whatsappcc[.]com
Structured .cn domains:
- <4 letters>-wahtsapp[.]cn
These domains were all created within the last 20 days, tops, and given the bulk registration and consistent infrastructure, point to a coordinated campaign. All 800+ domains are hosted in ASN 205960 (KR, 'IP Transit'), share the same nameserver domain (domainnamedns[.]com), and embed a highly-suspicious Chinese analytics loader from aizhantj[.]com (seriously, this thing is weird; check the references below). The sites present fake WhatsApp login/download portals in Chinese, suggesting East-Asian targeting.
Selection of IOCs
References
https://urlscan.io/result/0199f335-4b61-76ca-851f-c832a7d5f9bd/#transactions (tj.js is the weird analytics GET request)
https://urlscan.io/result/0199f34a-e9a8-7788-a057-29a6c9a3f133 (the loader itself)
https://www.shodan.io/search?query=aizhantj.com
#infoblox #phishing #lookalikes #infosec #threatintel #dns #whatsapp
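
An added example, not part of the original post: a small Python matcher that turns the naming patterns listed above into regular expressions and runs them over resolver log lines for triage. The log format, the sample lines, the three-letter suffix on the .cc names and the acceptance of the transposed spelling "wahstapp" are assumptions made for this illustration.

```python
import re

# Patterns transcribed from the post's naming list. The 3-letter suffix on the
# .cc names is inferred from the post's examples (assumption), and the .cn rule
# also accepts the transposed spelling "wahstapp" (assumption).
PATTERNS = {
    "short-cc": re.compile(r"whats[a-z]{3}\.cc"),
    "app-com": re.compile(r"app-[a-z]{3}-whats(?:hktw|appcc)\.com"),
    "typo-cn": re.compile(r"[a-z]{4}-wah(?:ts|st)app\.cn"),
}

def refang(name):
    """Undo '[.]' defanging, lowercase, and drop the trailing root dot."""
    return name.strip().lower().replace("[.]", ".").rstrip(".")

def registrable(name):
    """Last two labels. Enough for these .com/.cc/.cn names; this is not a
    full public-suffix lookup."""
    return ".".join(refang(name).split(".")[-2:])

def classify(name):
    """Return the label of the pattern the registrable domain matches, or None."""
    domain = registrable(name)
    for label, rx in PATTERNS.items():
        if rx.fullmatch(domain):
            return label
    return None

def scan(log_lines):
    """Parse 'client qname' lines and return (client, domain, label) hits."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines instead of guessing
        client, qname = parts
        label = classify(qname)
        if label:
            hits.append((client, registrable(qname), label))
    return hits

# Constructed resolver log lines (documentation IP range, made-up clients).
SAMPLE_LOG = [
    "192.0.2.10 whatsqgs.cc",                   # name taken from the post
    "192.0.2.11 www.app-abc-whatsappcc.com.",   # constructed, subdomain + root dot
    "192.0.2.12 abcd-wahtsapp.cn",              # constructed
    "192.0.2.13 web.whatsapp.com",              # genuine service, must not match
    "192.0.2.14 whatsnew.cc",                   # constructed; fits the .cc shape by chance
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The last sample line shows why the short .cc rule is only a triage signal: any "whats" plus three letters on .cc matches, so confirm hits against the shared nameserver or hosting ASN named in the post before blocking.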

Get ready to reserve your #WhatsApp #username soon
https://www.androidpolice.com/get-ready-to-reserve-your-whatsapp-username-soon/
131 #Chrome #Extensions Caught #Hijacking #WhatsApp Web for Massive #Spam Campaign
https://thehackernews.com/2025/10/131-chrome-extensions-caught-hijacking.html
“Spying on billions of people is not in my employment contract” #thedarkknight #christophernolan #eu #chat #whatsapp #signal #email
WhatsApp wants to put an end to “ghost” messages 👻
The app will limit the number of messages you can send without receiving a reply, with warnings before you reach the cap. A measure designed to curb spam… and perhaps to calm down the pests 😅
#WhatsApp #TechNews

WhatsApp: username reservation is on the way
#Aggiornamento #App #Messaggistica #NomeUtente #Novità #Privacy #TechNews #Tecnologia #Username #WhatsApp #WhatsAppBeta
https://www.ceotech.it/whatsapp-in-arrivo-la-prenotazione-degli-username/

Heilbronn (ots) - Heilbronn/K9562: Five injured in traffic accident involving an ambulance. On Monday at midday, a serious traffic accident involving an emergency vehicle occurred in Heilbronn. At around 12:50 p.m., an ambulance on an emergency call was travelling, with ...
https://www.presseportal.de/blaulicht/pm/110971/6141558
#Bahn #Elektrofahrzeug #Folgetonhorn #Invalidität #Landkreis #Patient #Personenkraftwagen #Rettungswagen #Transport #Transportnotfall #Verkehrsnotfall #Verkehrsunfall #Verkehrsunglück #WhatsApp
Take note: #WhatsApp will stop working on these phones and tablets from October 31, 2025 https://www.laiguana.tv/articulos/1421360-whatsapp-dejara-de-funcionar-en-estos-celulares-y-tablets-desde-el-31-de-octubre-de-2025/

WhatsApp wants to limit messages to fight spam
https://mac4ever.com/192538
#Mac4Ever #WhatsApp

@ambiguous_yelp @jowek @_elena I didn't say that, and if they are worried about privacy, they wouldn't be hanging around on #WhatsApp and similar messengers
In future you should be bothered considerably less by #Spam in #WhatsApp.
👇🏼 via #teltarif:
https://www.teltarif.de/nr7a/nr8/whatsapp-nachrichten-limit-spam/news/100174.html
Spyware maker NSO Group blocked from WhatsApp
#NSOGroup #WhatsApp
https://techcrunch.com/2025/10/18/spyware-maker-nso-group-blocked-from-whatsapp/