Meta’s Threads app used as a lure

It was to be expected: As the buzz around Meta’s new microblogging platform Threads gained momentum, some individuals have stepped in to take advantage of the fact that the app still can’t formally serve users in the European Union (or China, or Russia).

About Threads

Threads – whose full name is “Threads, an Instagram app” – is an app created by Meta’s Instagram team and to use it you have to have an Instagram account.

That, and the fact that Threads collects a myriad of potentially sensitive information and that Meta is likely aiming to combine that information with that collected via Instagram and Facebook for targeted advertising, have stopped the company from launching it in the EU, which has very specific and limiting data privacy and antitrust laws. (The app reportedly even stops working for some users who travel to the EU.)

User data collected by Threads (Source: Apple’s App Store)

But that hasn’t stopped EU citizens from trying to download it and create profiles on the platform.

Even though the app is unavailable for download in official European Android and iOS app stores, there are ways around that roadblock. There are also ways to use Threads on desktop computers, despite the app not having been ported to those platforms.

Threads has gained 110 million users since its release on July 5, 2023, but the huge demand and the aforementioned barriers have created a fertile ground for potentially malicious individuals.

Exploiting the Threads brand

Apps exploiting the Threads brand have been popping up on Apple’s App Store, confusing users into downloading them.

Mysk security researchers have noted that, after repeated complaints, Apple recently took down one of those and has suspended the account of the developer (Tel Aviv-based SocialKit Ltd).

Named “Threads for Insta”, the app has managed to rack up over 300,000 downloads in a few days. According to TechCrunch, it was a content generator that allowed users to make posts via AI-powered models. There’s no mention of it being outright malicious, but the developer did misuse the Threads brand to make the app more “downloadable”.

Researchers with cybersecurity startup Veriti are also warning about “over 700 domains related to Threads being registered daily” in recent weeks, offering an Android version of the app for download outside of Google’s official app store – often from a cloud-based file hosting service such as MediaFire or third-party app stores.

Potential malicious domain exploiting the Threads brand (Source: Veriti)

The Veriti research team told Help Net Security that they have not detected any malicious activity within the apps offered for download on these domains, but that they are monitoring the situation to see if the file version/payload will be changed by the site owners.

Advice for users

Scammers are quick to exploit the popularity software products to push malware on or steal credentials and other sensitive info from users.

The most recent example of this modus operandi happened earlier this year, when they took advantage of the AI trend and users’ demand for ChatGPT to push:

• Fake mobile apps that fleece users
• Chrome extensions that hijack Facebook accounts
• A fake ChatGPT desktop client that steals Chrome login data
• Information-stealing malware and phishing pages

Users are advised to be very careful what they download and from where.

Official app stores should be the preferred sources – though, as seen in the above example, even they can harbor unwanted or malicious lookalikes, so you should make sure the Threads app you’re downloading comes from Meta/Instagram and not third-party developers.