InfoSecBulletin Cybersecurity for mankind
Meta launched the Threads app earlier this month as a competitor to Twitter, and it has already been downloaded over 100 million times.
In just 24 hours, over 700 fake domain names have been created as scammers are attempting to make a profit by copying the popular social media site.
Researcher found non protected database form ESHYFT containig 86000 records
CVE-2024-55591 and CVE-2025-24472
New SuperBlack ransomware exploits Fortinet flaws
CVE-2025-25291 & CVE-2025-25292
Attention! GitLab Patched Critical Authentication Bypass Flaws
CVE-2025-20138
Cisco released High Security Alert for IOS XR Software
400+ IPs Exploiting Multiple SSRF Vulnerabilities
NVIDIA has released update for NVIDIA Riva
CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”
Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws
Ballista Botnet infects 6000 Unpatched TP-Link Routers
CVE-2025-24813
Flaw in Apache Tomcat Exposes Servers to RCE
Cybersecurity analyst Veriti has made a shocking discovery. On July 9th, they identified hundreds of fake URLs that led to potentially harmful websites.
“As the popularity of Meta’s Threads app continues to rise, attackers are capitalizing on the excitement to carry out malicious activities,” said Veriti. “By creating many suspicious domains, they aim to deceive users and distribute malware.”
Considering this, websites with themes like Threads, such as “Threadsapk[.]download” (a site suspected of phishing) or “Threadsappz[.]com” (which claims to have an Android version of the app), should be shunned like a digital pandemic.
“Users should exercise caution, as this download is not sourced from the official App Store or Google Play,” said Veriti. “Instead, it redirects to an external source — in this case, a Google Drive, where the APK [Android format] file can be downloaded. Such downloads from untrusted sources can pose significant security risks, including the potential for malware infection.”
ALSO READ:
Other suspicious domain names to watch out for include whatisthreads[.]com, socialthreads[.]store, threadsapp[.]shop, threadsl[.]com, and threadsinstagram[.]app — which appears to be trying to leverage fellow Meta platform Instagram as well.
Veriti urges early adopters of Threads to exercise due caution at all times and only download it from trusted sources.
Only download Threads app from authorized app stores like Google Play or Apple App Store to ensure you have the real version.
Consumers should avoid clicking on links from unverified sources, such as unknown email addresses or unfamiliar websites. Doing so might result in being sent to harmful websites or deceiving the user into downloading malware.
If someone gets caught in a scam, they are at risk of having their identity stolen. This may lead to more scams that try to trick them into giving away their money. It is important to beware of phishing attempts and other social engineering tactics that scammers may use to steal personal information. By staying cautious, it is possible to prevent future scams and protect oneself from financial fraud.
Veriti advises people to check if a website’s domain name is legitimate before visiting any website associated with Threads.
“Be wary of domains that have spelling variations or lookalikes designed to deceive users,” said Veriti.
