Examining How Threat Actors are Targeting (or Not) Meta’s New Conversation App
About three weeks ago, on July 4, Meta launched its new conversation app Threads, presenting a viable threat to Twitter, whose user loyalty has continually dropped over the past several months. In its first week, Threads became the fastest growing app of all time and already has nearly one-quarter the number of active users as Twitter. Since its blockbuster release, Threads has seen its user base drop somewhat and a decrease in user engagement in the U.S., going from an average 21 minutes a day to six minutes a day. Still, Threads is posing a tremendous challenge to Twitter’s weakened dominance in the social media sphere.
Given the attention and hype surrounding Threads, I wanted to find out what threat actors think of the new platform and how they might be targeting users and content for malicious activities. My research led to three main findings, which are described below.
1. Data privacy protections are vague
Some data privacy experts stress concerns about the amount and type of personal data the platform collects, such as individual users’ location, financial information, browsing history, and even health and fitness information. The fact that Meta is holding off on launching Threads in the EU given its stricter data privacy regulations could also be seen as a data privacy red flag, especially given that Meta has been in hot water in the past for numerous violations.
A link to a Kaspersky blog post was shared on a Telegram Channel discussing the privacy concerns of the Threads App.
2. Fraud and hacking services of the new app were quickly offered
My research on underground cybercriminal forums and marketplaces shows that hackers for hire were quick to advertise their Threads-targeted services. These services range from selling fake likes and followers, to selling bots services for the platform. Others jumped at the new opportunity and impersonated crypto Twitter users, exploiting Thread’s low security measures for scammers.
Below are a few examples of these promoted offerings, which appeared on dark web sources within 24 hours of the app’s launch.
A post on a malicious Telegram group selling Threads app services within 3 days after the app was launched.
A threat actor offers new Threads-targeted fraudulent activity services in a dark web forum.
3. Early adopters in the cybercrime realm are slow to arrive
While we see some activities by early adopter threat actors, they are not flocking to take advantage of Threads in mass numbers as they’ve done with Mastodon and other Twitter-like alternatives in the past. Additionally, underground discussions about the new platform are somewhat negative among threat actors, indicating that they are taking a wait-and-see approach.
Underground discourse demonstrating skepticism and uncertainty about the viability of Threads.