InfoSecBulletin Cybersecurity for mankind
Meta launched the Threads app earlier this month as a competitor to Twitter, and it has already been downloaded over 100 million times.
In just 24 hours, over 700 fake domain names have been created as scammers are attempting to make a profit by copying the popular social media site.
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
Cybersecurity analyst Veriti has made a shocking discovery. On July 9th, they identified hundreds of fake URLs that led to potentially harmful websites.
“As the popularity of Meta’s Threads app continues to rise, attackers are capitalizing on the excitement to carry out malicious activities,” said Veriti. “By creating many suspicious domains, they aim to deceive users and distribute malware.”
Considering this, websites with themes like Threads, such as “Threadsapk[.]download” (a site suspected of phishing) or “Threadsappz[.]com” (which claims to have an Android version of the app), should be shunned like a digital pandemic.
“Users should exercise caution, as this download is not sourced from the official App Store or Google Play,” said Veriti. “Instead, it redirects to an external source — in this case, a Google Drive, where the APK [Android format] file can be downloaded. Such downloads from untrusted sources can pose significant security risks, including the potential for malware infection.”
ALSO READ:
Other suspicious domain names to watch out for include whatisthreads[.]com, socialthreads[.]store, threadsapp[.]shop, threadsl[.]com, and threadsinstagram[.]app — which appears to be trying to leverage fellow Meta platform Instagram as well.
Veriti urges early adopters of Threads to exercise due caution at all times and only download it from trusted sources.
Only download Threads app from authorized app stores like Google Play or Apple App Store to ensure you have the real version.
Consumers should avoid clicking on links from unverified sources, such as unknown email addresses or unfamiliar websites. Doing so might result in being sent to harmful websites or deceiving the user into downloading malware.
If someone gets caught in a scam, they are at risk of having their identity stolen. This may lead to more scams that try to trick them into giving away their money. It is important to beware of phishing attempts and other social engineering tactics that scammers may use to steal personal information. By staying cautious, it is possible to prevent future scams and protect oneself from financial fraud.
Veriti advises people to check if a website’s domain name is legitimate before visiting any website associated with Threads.
“Be wary of domains that have spelling variations or lookalikes designed to deceive users,” said Veriti.
