Phishing fears as fake Threads websites multiply

Threads already has more than 100 million downloads, since Meta launched the app as a rival to Twitter earlier this month. But crooks are also seeking to cash in by mimicking the new social media app, with over 700 phony domain names emerging in a single day.

The startling revelation was made by cybersecurity analyst Veriti, which found hundreds of bogus URLs that redirected to suspected malicious sites registered in a single day on July 9th.

“As the popularity of Meta’s Threads app continues to rise, attackers are capitalizing on the excitement to carry out malicious activities,” said Veriti. “By creating a large number of suspicious domains, they aim to deceive users and distribute malware.”

First things first: if you want to download Mark Zuckerberg’s shiny new app, do it from Google Play if you are an Android user or the App Store if iOS is your thing.

Fake portal offering dodgy Threads download
Beware knock-off Threads download offers like this one, Threadsapk, which Veriti believes to be a phishing site aimed at installing malware onto a victim's device

With that in mind, Threads ‘themed’ websites such as "Threadsapk[.]download", a suspected phishing site, or “Threadsappz[.]com”, which purports to offer an Android version of the app, should be avoided like the cyber-plague.

“Users should exercise caution, as this download is not sourced from the official App Store or Google Play,” said Veriti. “Instead, it redirects to an external source — in this case, a Google Drive, where the APK [Android format] file can be downloaded. Such downloads from untrusted sources can pose significant security risks, including the potential for malware infection.”

Other suspicious domain names to watch out for include whatisthreads[.]com, socialthreads[.]store, threadsapp[.]shop, threadsl[.]com, and threadsinstagram[.]app — which appears to be trying to leverage fellow Meta platform Instagram as well.

Veriti urges early adopters of Threads to exercise due caution at all times and only download it from trusted sources.

“Only download the Threads app from official app stores, such as the Apple App Store or Google Play Store, to ensure you are accessing the genuine version,” it said.

Consumers should also avoid clicking on links shared through unverified sources such as messages from unknown email addresses or unfamiliar websites, as these may send them to malicious websites or cajole them into downloading malware.

Once caught in this way, the victim is prone to identity theft and future phishing or social engineering scams, ultimately aimed at fraudulently parting with their money.

Veriti also urges the public to verify domain authenticity, paying close attention to the domain name of any Threads-related websites they might be tempted to visit.

“Be wary of domains that have spelling variations or lookalikes designed to deceive users,” it said.

More from Cybernews:

Threads overtakes ChatGPT as fastest growing app ever

Twitter killer on the loose: Meta unleashes rival app Threads

Kick vs. Twitch: the battle of the streaming titans

Deutsche Bank, ING, and Postbank impacted by MOVEit hack

Sarah Silverman sues OpenAI, Meta over copyright

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked