Threads already has more than 100 million downloads, since Meta launched the app as a rival to Twitter earlier this month. But crooks are also seeking to cash in by mimicking the new social media app, with over 700 phony domain names emerging in a single day.
The startling revelation was made by cybersecurity analyst Veriti, which found hundreds of bogus URLs that redirected to suspected malicious sites registered in a single day on July 9th.
“As the popularity of Meta’s Threads app continues to rise, attackers are capitalizing on the excitement to carry out malicious activities,” said Veriti. “By creating a large number of suspicious domains, they aim to deceive users and distribute malware.”
First things first: if you want to download Mark Zuckerberg’s shiny new app, do it from Google Play if you are an Android user or the App Store if iOS is your thing.
With that in mind, Threads ‘themed’ websites such as "Threadsapk[.]download", a suspected phishing site, or “Threadsappz[.]com”, which purports to offer an Android version of the app, should be avoided like the cyber-plague.
“Users should exercise caution, as this download is not sourced from the official App Store or Google Play,” said Veriti. “Instead, it redirects to an external source — in this case, a Google Drive, where the APK [Android format] file can be downloaded. Such downloads from untrusted sources can pose significant security risks, including the potential for malware infection.”
Other suspicious domain names to watch out for include whatisthreads[.]com, socialthreads[.]store, threadsapp[.]shop, threadsl[.]com, and threadsinstagram[.]app — which appears to be trying to leverage fellow Meta platform Instagram as well.
Veriti urges early adopters of Threads to exercise due caution at all times and only download it from trusted sources.
“Only download the Threads app from official app stores, such as the Apple App Store or Google Play Store, to ensure you are accessing the genuine version,” it said.
Consumers should also avoid clicking on links shared through unverified sources such as messages from unknown email addresses or unfamiliar websites, as these may send them to malicious websites or cajole them into downloading malware.
Once caught in this way, the victim is prone to identity theft and future phishing or social engineering scams, ultimately aimed at fraudulently parting with their money.
Veriti also urges the public to verify domain authenticity, paying close attention to the domain name of any Threads-related websites they might be tempted to visit.
“Be wary of domains that have spelling variations or lookalikes designed to deceive users,” it said.
More from Cybernews:
Subscribe to our newsletter