EMERGING THREAT: ATTACKERS EXPLOIT META’S THREADS APP BUZZ 

by | Jul 10, 2023

As the buzz around Meta’s new text-based social networking app, Threads, continues to grow, attackers are seizing the opportunity to take advantage of the buzz. In recent weeks, we have observed a surge in the creation of suspicious domains, with over 700 domains related to Threads being registered daily. These domains pose a significant risk as they can be used to deceive users, distribute malware, and lure unsuspecting individuals into downloading untrusted versions of the app. In this research blog, we shed light on this emerging threat and provide examples of suspicious domains to raise awareness and promote vigilance. 

THE RISING THREAT 

Among the newly registered domains, there are several that exhibit suspicious characteristics and potential malicious intent. One such example is “Threadsapk[.]download,” a potential phishing domain created just a few days ago. This domain raises concerns as attackers may use it to trick users into sharing sensitive information or credentials. 

Another concerning domain is “Threadsappz[.]com” which offers an Android version of the app for download. However, users should exercise caution, as this download is not sourced from the official app store or Google Play. Instead, it redirects to an external source, in this case, a Google Drive, where the APK file can be downloaded. Such downloads from untrusted sources can pose significant security risks, including the potential for malware infection.

This is similar to the previous story, but in this instance, the file can be downloaded from MediaFire instead of the app stores.

LIST OF SUSPICIOUS DOMAINS

We have compiled a list of domain lookalikes that were registered just yesterday. These domains mimic the legitimate Threads app or use variations in their names to mislead users. By sharing this list, we aim to create awareness and prevent unsuspecting individuals from falling victim to these deceptive tactics. Please refer to the attached list for further details on these suspicious domains.

threads[.]ovh
whatisthreads[.]com
socialthreads[.]store
threadsapk[.]download
threadsfollower[.]org
threadsmeme[.]com
bestofthreads[.]com
threadsapp[.]dev
metathreads[.]social
threadsexpert[.]com
threads-apk[.]org
metathreads[.]website
threadsapp[.]shop
threadspix[.]com
tthreadsfollowers[.]com
threadsl[.]com
threadsinstagram[.]app

And many more..

STAYING VIGILANT

It is crucial for users to exercise caution and follow best security practices. To protect yourself from potential threats related to the Threads app:

  1. Download from trusted sources: Only download the Threads app from official app stores, such as the Apple App Store or Google Play Store, to ensure you are accessing the genuine version.
  2. Be cautious of suspicious links: Avoid clicking on links shared through unverified sources, emails, or unfamiliar websites, as they may lead to malicious websites or downloads.
  3. Verify domain authenticity: Pay close attention to the domain name of any Threads-related websites you visit. Be wary of domains that have spelling variations or lookalikes designed to deceive users.
  4. Keep software up to date: Regularly update your device’s operating system and apps to ensure you have the latest security patches and protections against known vulnerabilities.

As the popularity of Meta’s Threads app continues to rise, attackers are capitalizing on the excitement to carry out malicious activities. By creating a large number of suspicious domains, they aim to deceive users and distribute malware. It is crucial for users to remain vigilant, download apps only from trusted sources, and be cautious of suspicious links. 

Get your security controls assessment now


Recommended Articles

Subscribe to our BLOG

Get the latest security insights, news and articles delivered to your inbox.

Product

Product Overview

Maximize security posture while ensuring business uptime

Odin

AI-Powered Contextual Cybersearch

Automated Security Controls Assessment

Validate your security control

Integrations

Connect Veriti with your security solutions

Use Cases

Agentless OS-Level Remediation

Proactively safeguard your systems directly at the OS-Level on the endpoint

Vulnerability Remediation

Safely remediate vulnerabilities in one click

Business Continuity

Reduce alert fatigue. Increase Security Effectiveness

MISCONFIGURATION MANAGEMENT

Proactively neutralize misconfigurations to minimize exposure risks

Mobilizing Threat Remediation

Identify and mobilize threat remediation across the security stack automatically.

GENERATIVE AI SECURITY

Chat with your environment to cut MTTR times drastically

Solutions

Safe Remediation

Ensure remediation actions do not give rise to additional exposures

MITRE ATT&CK®

Quickly respond to live threats with safe and precise remediation

VERITI FOR Enterprises

Increase business outcomes

VERITI FOR MSSPs

Efficiently manage multiple clients in a consolidated platform

VERITI FOR HEALTHCARE

Neutralize security gaps without impacting healthcare operations

VERITI FOR MANUFACTURING

Protect the heart of your production processes

SEC AND THE BUSINESS

A security pro’s guide to exposure assessments and remediation

 

Read Whitepaper >>

Resources

See all resources

Blog

Veriti's security blog

Downloads

The latest guides, white papers and infographics

Events

Live event and on-demand webinars

Glossary

Our Comprehensive Definitions Guide

MASTERING MODERN OS-LEVEL SECURITY: THE AGENTLESS APPROACH

WATCH NOW>>

Our Story

Learn about Veriti

Careers

Work with us

Newsroom

Our latest updates

Contact US

Get in touch

CHANNEL PARTNERS

Become a partner

MSSPs

Reduce operational costs