As the excitement around Meta’s new microblogging platform Threads continues to grow, opportunistic individuals have started taking advantage of the app’s unavailability in certain regions such as the European Union (EU), China, and Russia.
Threads, also known as “Threads, an Instagram app,” is an application developed by Meta’s Instagram team. To use it, users must have an Instagram account. However, the app collects a wide range of potentially sensitive information, and Meta likely intends to combine this data with that collected through Instagram and Facebook for targeted advertising. These concerns regarding privacy and antitrust laws in the EU have prevented the company from launching Threads in the region. In fact, the app reportedly stops working for some users who travel to the EU.
Despite these restrictions, some EU citizens have attempted to download the app and create profiles on the platform. Although the app is not available for download in official European Android and iOS app stores, there are ways to bypass this obstacle. Additionally, some users have found ways to use Threads on desktop computers, even though the app has not been officially ported to those platforms.
Since its release on July 5, 2023, Threads has already attracted 110 million users. However, the high demand and the aforementioned barriers have created a fertile ground for potentially malicious individuals.
Exploiting the popularity of the Threads brand, several apps impersonating Threads have appeared on Apple’s App Store, causing confusion among users. After receiving numerous complaints, Apple recently took down one of these apps and suspended the account of the developer, Tel Aviv-based SocialKit Ltd. Named “Threads for Insta,” the app accumulated over 300,000 downloads within a few days. According to TechCrunch, it was a content generator that allowed users to make posts using AI-powered models. While there is no evidence of it being explicitly malicious, the developer misused the Threads brand to increase the app’s download count.
Furthermore, cybersecurity startup Veriti has issued a warning about over 700 domains related to Threads being registered daily in recent weeks. These domains offer an Android version of the app for download outside of Google’s official app store, often using cloud-based file hosting services such as MediaFire or third-party app stores. Veriti researchers have not detected any malicious activity within the apps offered for download on these domains. However, they are closely monitoring the situation to identify any changes made by the site owners to the file version or payload.
Given the popularity of software products, scammers are quick to exploit these trends to distribute malware or steal sensitive information from users. It is crucial for users to exercise caution when downloading software and to be mindful of the source. While official app stores are generally reliable, as demonstrated by the Threads impersonation incident, they can still harbor unwanted or malicious lookalike apps. Therefore, users should ensure that they are downloading the Threads app directly from Meta/Instagram and not from third-party developers or unofficial sources.
In conclusion, the demand for Meta’s Threads app has led to the emergence of malicious actors attempting to take advantage of its limited availability in certain regions. Users need to exercise caution, stick to verified sources, and be aware of potential impersonations to protect their devices and personal information from harm.