Interest in the Threads network is used for phishing

The rapid growth in popularity of the new social network Threads has led to an increase in phishing resources both in the .com and .ru zones. Fraudsters offer to install the application through unofficial channels and promote the services of “cheating” subscribers. In the first week of July, users searched for Threads more than 240,000 times in Yandex alone, and the application remains the most downloaded in marketplaces, which increases the risk of new users becoming a victim of intruders. Businesses that are actively registered on the network can also suffer from attacks, experts believe.

Cybersecurity experts interviewed by Kommersant found a sharp increase in fraudulent resources related to the Threads social network launched on July 6. In Kaspersky Lab, Kommersant was told that the attackers took advantage of the growing popularity of Threads: the company identified fraudulent resources with which you can supposedly “cheat” subscribers on the new social network for free.

“At the final stage, people are invited to participate in the prize draw, for which they need to make a payment, as a result, users lose money,” says Olga Svistunova, Senior Content Analyst at Kaspersky Lab. In another scheme, scammers offer to invest in the Threads Coins cryptocurrency, which does not exist, the expert adds.

Foreign analysts also drew attention to the problem. Veriti (Unified Security Management Platform) on July 10 announced the appearance in the .com zone of sites offering to install the Threads application on user devices. The resources are redirected to Google Drive, from where the user downloads the malware-infected APK file. As Cointelegraph reported, fake accounts of projects working with cryptocurrency also began to appear on the new social network.

FACCT (formerly Group-IB) confirms that new domains allegedly related to Threads have begun to appear in the Russian segment of the network: “23 new resources are visible so far.” The company warns that the resources “are unofficial and look like information, which means that they can be used for phishing in the near future.”

A similar wave of attacks occurred, for example, against the background of the growing popularity of the Clubhouse social network in early 2021: then invitations to the platform began to be sold and fakes for the application infected with a virus appeared (see Kommersant dated February 17, 2021).

The Threads platform was created by Meta (owns Facebook and Instagram, recognized as extremist in Russia and banned), the service application is available in the Russian segments of the App Store and Google Play stores, but from the Russian Federation it can only be used via VPN. Since July 8, Threads has consistently ranked first in the overall rating of free app downloads in Russian marketplace segments, according to Sensor Tower.

Threads is positioned as an application associated with Instagram and shares an account system with it. The site was created in the image of the Twitter microblogging service. Meta CEO Mark Zuckerberg reported 70 million signups to Threads on July 8.

For the week from July 3 to July 7, Threads in Yandex were searched for more than 249 thousand times with a typical request popularity of 30 thousand per week, follows from the information of the Yandex.Word Selection service (no newer data). The peak of the popularity of Threads in Google search in the Russian Federation fell on the day of release, on July 8, it was 64% of the maximum, according to Google Trends data.

Evgeny Pankov, project manager at the Coordination Center for .RU/.RF domains, notes that the availability of the application only under VPN can slow down the interest of Russians in Threads: attacks on VKontakte and Telegram. But this does not negate the fact that in the Russian Federation, scammers will try to cash in on the new social network.”

Informzaschita is already working on new rules for the cyber threat monitoring center: “The main threat may be effective phishing both on ordinary users and in the corporate segment, especially if the registration of business accounts also grows.” Among the Russian companies that have already started working in Threads, for example, Yandex, VK, M.Video, Aviasales and others.

Tatiana Isakova, Yuri Litvinenko