InfoSecBulletin Cybersecurity for mankind
Meta launched the Threads app earlier this month as a competitor to Twitter, and it has already been downloaded over 100 million times.
In just 24 hours, over 700 fake domain names have been created as scammers are attempting to make a profit by copying the popular social media site.
Joint cybersecurity advisory
Botnet infects 260,000 SOHO routers, IP cameras with malware
Chrome 129 Released Fix with multiple Security Flaws
Broadcom fixed RCE bug in VMware vCenter Server
Cybercriminal now misuse Microsoft Azure tool to steal data
Apple warns users to install iOS 18 to Fix 33 iPhone Vulnerabilities
CISA adds windows and whatsUp Gold vuls to its KEV
Petroleum and Fuel Industry
FleetPanda exposes Nearly One Million Documents
DESCO faces cyber attack: Customers Data Breach
Alert! Google Fixes GCP Composer Flaw
CTF in Bangladesh: Unveiling Challenges, Opportunities and remedies
Cybersecurity analyst Veriti has made a shocking discovery. On July 9th, they identified hundreds of fake URLs that led to potentially harmful websites.
“As the popularity of Meta’s Threads app continues to rise, attackers are capitalizing on the excitement to carry out malicious activities,” said Veriti. “By creating many suspicious domains, they aim to deceive users and distribute malware.”
Considering this, websites with themes like Threads, such as “Threadsapk[.]download” (a site suspected of phishing) or “Threadsappz[.]com” (which claims to have an Android version of the app), should be shunned like a digital pandemic.
“Users should exercise caution, as this download is not sourced from the official App Store or Google Play,” said Veriti. “Instead, it redirects to an external source — in this case, a Google Drive, where the APK [Android format] file can be downloaded. Such downloads from untrusted sources can pose significant security risks, including the potential for malware infection.”
ALSO READ:
Other suspicious domain names to watch out for include whatisthreads[.]com, socialthreads[.]store, threadsapp[.]shop, threadsl[.]com, and threadsinstagram[.]app — which appears to be trying to leverage fellow Meta platform Instagram as well.
Veriti urges early adopters of Threads to exercise due caution at all times and only download it from trusted sources.
Only download Threads app from authorized app stores like Google Play or Apple App Store to ensure you have the real version.
Consumers should avoid clicking on links from unverified sources, such as unknown email addresses or unfamiliar websites. Doing so might result in being sent to harmful websites or deceiving the user into downloading malware.
If someone gets caught in a scam, they are at risk of having their identity stolen. This may lead to more scams that try to trick them into giving away their money. It is important to beware of phishing attempts and other social engineering tactics that scammers may use to steal personal information. By staying cautious, it is possible to prevent future scams and protect oneself from financial fraud.
Veriti advises people to check if a website’s domain name is legitimate before visiting any website associated with Threads.
“Be wary of domains that have spelling variations or lookalikes designed to deceive users,” said Veriti.
