Researchers at Veriti have observed hundreds of spoofed domains following Meta’s launch of its Threads social media platform.
“In recent weeks, we have observed a surge in the creation of suspicious domains, with over 700 domains related to Threads being registered daily,” the researchers write. “These domains pose a significant risk as they can be used to deceive users, distribute malware, and lure unsuspecting individuals into downloading untrusted versions of the app.”
Some of the domains are already being used to distribute malicious APKs that pose as the Threads app. Users should always be wary when downloading apps from third-party app stores.
Veriti offers the following advice to help users thwart these attacks:
- “Download from trusted sources: Only download the Threads app from official app stores, such as the Apple App Store or Google Play Store, to ensure you are accessing the genuine version.
- “Be cautious of suspicious links: Avoid clicking on links shared through unverified sources, emails, or unfamiliar websites, as they may lead to malicious websites or downloads.
- “Verify domain authenticity: Pay close attention to the domain name of any Threads-related websites you visit. Be wary of domains that have spelling variations or lookalikes designed to deceive users.
- “Keep software up to date: Regularly update your device’s operating system and apps to ensure you have the latest security patches and protections against known vulnerabilities.”
“As the popularity of Meta’s Threads app continues to rise, attackers are capitalizing on the excitement to carry out malicious activities,” the researchers write. “By creating a large number of suspicious domains, they aim to deceive users and distribute malware. It is crucial for users to remain vigilant, download apps only from trusted sources, and be cautious of suspicious links. “
New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for social engineering attacks.
Here's how it's done:
