
Malicious URL volumes soar as cyber criminals pull on Threads

Malicious actors have been quick to exploit the buzz around Meta’s newly launched Threads platform, with thousands of new suspicious domains registered exploiting its branding

Cyber fraudsters and scammers are already attempting to exploit last week’s launch of Meta’s latest social media venture, a “Twitter-killer” called Threads, to conduct phishing attacks and distribute malware, according to analysis conducted by Veriti, a cyber security infrastructure startup founded by ex-Check Point execs, which launched out of stealth last year.

Veriti’s team said they had seen a surge in the creation of suspicious domains in the periods immediately before and after Threads launched, with more than 700 being registered around the world every day.

“These domains pose a significant risk as they can be used to deceive users, distribute malware and lure unsuspecting individuals into downloading untrusted versions of the app,” wrote Veriti marketing vice-president Yair Herling.

The Veriti team has compiled a list of suspicious domain lookalikes – all of which were registered on Monday 10 July – that use some variation on the Threads theme to trick users.

These include threads[.]ovh, threadsfollower[.]org, metathreads[.]social, threadsapp[.]shop and threadsinstagram[.]app. Many more are known to exist.

One example documented by the Veriti team is threadsappz[.]com, which was registered a few days ago, and at first glance would appear to offer the Android version of the Threads app to download. It does not, however, source the download from the Google Play store. Rather, it redirects to a Google Drive account from which an APK file can be downloaded.

There is no legitimate reason for any third party to insert themselves into the supply chain and offer this service in such a way – given Threads is safely and readily obtainable via either the Android or iOS app stores – so this file almost certainly contains malware.

Cyber hygiene

As ever, protecting oneself from phishing websites or malware is a relatively simple affair. People looking to try out Threads for themselves should only ever download it from the Apple App Store or Google Play Store; avoid clicking on any links to Threads shared through an unverified source such as an email or an unknown website; be wise to variations and spelling mistakes in domain names; avoid entering any credentials to online services or financial details on any unknown or untrusted websites; and update their mobile device’s operating system and applications to be sure that if something does get through, the chances of it doing damage are lessened.
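For security teams that want to apply the same scrutiny to domains seen in proxy or DNS logs, the following is an added example, not code from Veriti or from the original article. It triages hostnames against the Threads brand name, using the domains named above plus a few constructed samples; the allowlist of official hosts is an assumption to adjust locally.

```python
import re

BRAND = "threads"
OFFICIAL = {"threads.net"}  # assumption: the defender's allowlist of genuine hosts

def refang(indicator):
    """Convert a defanged indicator (threads[.]ovh) into a bare lowercase hostname."""
    host = indicator.strip().lower().replace("[.]", ".")
    host = re.sub(r"^[a-z]+://", "", host)   # drop any scheme
    return host.split("/")[0].rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def near_miss(label):
    """True if some substring of the label is one edit away from the brand name."""
    n = len(BRAND)
    for size in (n - 1, n, n + 1):
        for i in range(len(label) - size + 1):
            if edit_distance(label[i:i + size], BRAND) == 1:
                return True
    return False

def classify(indicator):
    host = refang(indicator)
    if host in OFFICIAL or any(host.endswith("." + o) for o in OFFICIAL):
        return "official"
    labels = host.split(".")[:-1]            # ignore the top-level domain
    if any(BRAND in label for label in labels):
        return "brand-keyword"               # brand name embedded in another domain
    if any(near_miss(label) for label in labels):
        return "misspelling"                 # one-character variation; needs human review
    return "unrelated"

# First six are the domains named in the article; the rest are constructed samples.
SAMPLES = ["threads[.]ovh", "threadsfollower[.]org", "metathreads[.]social",
           "threadsapp[.]shop", "threadsinstagram[.]app", "threadsappz[.]com",
           "www.threads.net", "threads.net.login[.]example",
           "thr3ads-login[.]example", "weather[.]example"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:32} {classify(s)}")
```

The "misspelling" verdict will also match innocent words that sit one character away from the brand name, so it is a prompt for review rather than a block decision.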

“As the popularity of Meta’s Threads app continues to rise, attackers are capitalising on the excitement to carry out malicious activities,” wrote Herling. “By creating a large number of suspicious domains, they aim to deceive users and distribute malware. It is crucial for users to remain vigilant, download apps only from trusted sources and be cautious of suspicious links.”


New Threads users should also make themselves familiar with the service’s data and privacy policy, and be aware the app collects significant amounts of data. It is also worth noting that its parent organisation, Meta, chose not to launch Threads in the European Union (EU) given the possible impact of future data protection legislation.

Damir Brescic, chief information security officer of US-based risk management specialist Inversion6, said that security leaders should think twice before allowing Threads to be downloaded to an enterprise device.

“There are … possible data privacy and cyber security risks and issues that I can see,” he said. “An example of this would be that Threads does not encrypt messages, providing an opportunity for hackers, and users are required to have a Facebook (Meta) account to use the platform.

“Overall, the Threads app does not have a stated policy for informing its users about any security breaches, leaving them vulnerable in the instance of an attack. For the reasons denoted above, I would caution organisations to think carefully before allowing the use of the Threads app. I would recommend doing further research before downloading and using this app, to understand the possible impact and risk it could pose to your company from a data privacy standpoint.”

Security teams may have a job on their hands, however, for in many organisations, the social media and marketing team has already climbed aboard the Threads bandwagon.

Indeed, early data suggests that for many of the world’s biggest brands, Threads is providing a welcome boost to online customer engagement in its first flush of youth.

The WebsitePlanet research team found that in the 48 hours following Threads’ launch on the evening of 5 July, 87% of the 30 most active brands across both platforms were generating significantly more engagement on Threads.

Identical posts on Twitter and Threads by the Red Bull account, which has 1.99 million Twitter followers and 300,000 Threads followers, generated 83 likes and 7 replies on Twitter, but 1,934 likes and 107 replies on Threads, the team said.
