Threads, the new text-based social network that sparked a clash between tech giants Mark Zuckerberg and Elon Musk, has not escaped the attention of cybercriminals. Developed by Meta under the code name “Project 92” and launched on 6 July 2023, “Threads” appeared in 1,243 domain names in the last 30 days. Here we present the results of the analysis of our dedicated R&D team, HUB 53, using our AI-driven domain classification tool in Cyber X-Ray.
July 2023 marked a significant milestone in the history of the internet as Threads, the new Twitter-like text-based social network developed under the code name Project 92 by the Meta team, made waves. Following user complaints against Twitter, which was acquired by Elon Musk and rebranded as X, Threads garnered over 100 million users within the first week, breaking ChatGPT’s record. The social media application, open to Instagram users with a simple registration, generated such an enormous buzz that it even sparked debates about Elon Musk and Mark Zuckerberg engaging in a cage fight. Despite the sharp decline in the number of daily active users within a span of three weeks, Threads became a notable phenomenon that did not go unnoticed by cybercriminals. Striving to use this trend in their favour, cybercriminals started to register domains incorporating the word “Threads”, turning it into “threats” that could pose serious risks to Threads users.
We, at HUB 53, have previously shared the results of our analysis using our AI-based threat intelligence tool, Cyber X-Ray, to demonstrate how cybercriminals could abuse ChatGPT as one of the most successful and efficient artificial intelligence tools. In this post, we present the results of our new research where we examined the domains registered using the term “Threads”.
We used Cyber X-Ray to analyse all domains on the Internet incorporating the word “Threads” registered within a one-month period. Built on DNSSense’s in-house technology, Cyber X-Ray is the industry-leading threat intelligence database based on independent user evaluations. Using AI and machine learning, it classifies all Internet domains according to their historical and relational data to identify potentially harmful domains. It is also the engine that drives DNSSense’s two other solutions: DNSDome and DNSEye.
According to the findings, the number of domains incorporating the term “Threads” that were recently registered by cyber attackers to exploit the rising popularity of the social media platform stood at 1,243, of which 1,073 were active.
1 in 10 domains is malicious
Among the domains registered within the last 30 days including the word “Threads”, 172 were classified as malicious domains by Cyber X-Ray. In other words, 13.83% of all registered domains were found to be malicious. This data indicates that one in 10 domains could be used in attacks such as identity theft and phishing.
‘.com’, ‘.net’, and ‘.app’ top the extension list
Classifying the registered domains according to extension, we saw that ‘.com’ was used in 124 domains, ‘.net’ in 34, and ‘.app’ in 3 domains. In addition, the ‘.co.uk’ and ‘.xyz’ extensions were used in 2 domains each.
Registration through the world’s popular registrars!
Potential cybercriminals register their domains through well-known registrars. Out of the domains registered using the word “Threads”, 273 were registered through GoDaddy, 108 through Google, 100 through NameCheap, and 76 through TUCOWS.
916 risky domains were registered in the last 30 days
Over the 30-day period, Cyber X-Ray analysis deemed the majority of domains containing the word “Threads” risky, with 916 instances, while an additional 273 domains were identified as parked.
Top countries hosting malicious domains
The USA, Canada, Germany, Israel, and Australia were the countries hosting the highest numbers of malicious domains. The USA is at the top with 748 domains, followed by Canada with 201 domains, Germany with 31 domains, Israel with 21 domains, and Australia with 12 domains.
The number of domains redirecting to malicious domains
Malicious actors can redirect the domains they register to different domains, taking advantage of prevailing trends that achieve widespread popularity, such as Threads. Cyber X-Ray analyses revealed that 102 of the 1,243 domains were redirected to another domain, and 5 domains were redirected directly to a malicious domain.
What are the cyber risks caused by Threads?
Threads has been positioned as a social media platform where Meta users can easily log in using their Instagram credentials; hence, it gives the impression of a closed circuit. Despite providing a secure environment, Threads remains a topic of discussion regarding the steps it will take to combat fake accounts and the distribution of spam. When examined independently from the Meta ecosystem, the impact of the threats is slightly amplified, based on the analyses conducted by Cyber X-Ray. This is a consequence of cyber attackers posing risks such as misleading users, spreading malware, and encouraging users to download unreliable and malicious clone versions of the software. While Threads is a secure application available in the iOS and Android stores, there is still a concern regarding fake applications that can be downloaded through malicious domain redirections, potentially leading to the theft of sensitive personal information.
We, at DNSSense, advise Internet users to exercise extra caution about the rapidly growing global Internet trends so as not to fall victim to potential threats and malicious activities. By staying informed, practicing safe browsing habits, and utilising reliable security tools, users can reduce the risk of falling prey to cyberattacks and safeguard their sensitive information.