InfoSecBulletin Cybersecurity for mankind
Meta launched the Threads app earlier this month as a competitor to Twitter, and it has already been downloaded over 100 million times.
In just 24 hours, over 700 fake domain names have been created as scammers are attempting to make a profit by copying the popular social media site.
CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Critical RCE Flaw Patched in Roundcube Webmail
Hacker claim Leak of Deloitte Source Code & GitHub Credentials
CISA Issued Guidance for SIEM and SOAR Implementation
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora
Australia enacts mandatory ransomware payment reporting
Why Govt Demands Foreign CCTV Firms to Submit Source Code?
Cybersecurity analyst Veriti has made a shocking discovery. On July 9th, they identified hundreds of fake URLs that led to potentially harmful websites.
“As the popularity of Meta’s Threads app continues to rise, attackers are capitalizing on the excitement to carry out malicious activities,” said Veriti. “By creating many suspicious domains, they aim to deceive users and distribute malware.”
Considering this, websites with themes like Threads, such as “Threadsapk[.]download” (a site suspected of phishing) or “Threadsappz[.]com” (which claims to have an Android version of the app), should be shunned like a digital pandemic.
“Users should exercise caution, as this download is not sourced from the official App Store or Google Play,” said Veriti. “Instead, it redirects to an external source — in this case, a Google Drive, where the APK [Android format] file can be downloaded. Such downloads from untrusted sources can pose significant security risks, including the potential for malware infection.”
ALSO READ:
Other suspicious domain names to watch out for include whatisthreads[.]com, socialthreads[.]store, threadsapp[.]shop, threadsl[.]com, and threadsinstagram[.]app — which appears to be trying to leverage fellow Meta platform Instagram as well.
Veriti urges early adopters of Threads to exercise due caution at all times and only download it from trusted sources.
Only download Threads app from authorized app stores like Google Play or Apple App Store to ensure you have the real version.
Consumers should avoid clicking on links from unverified sources, such as unknown email addresses or unfamiliar websites. Doing so might result in being sent to harmful websites or deceiving the user into downloading malware.
If someone gets caught in a scam, they are at risk of having their identity stolen. This may lead to more scams that try to trick them into giving away their money. It is important to beware of phishing attempts and other social engineering tactics that scammers may use to steal personal information. By staying cautious, it is possible to prevent future scams and protect oneself from financial fraud.
Veriti advises people to check if a website’s domain name is legitimate before visiting any website associated with Threads.
“Be wary of domains that have spelling variations or lookalikes designed to deceive users,” said Veriti.
