by Naomi Yusupov

To Thread or Not to Thread: A Cybercriminal’s Dilemma

Examining How Threat Actors are Targeting (or Not) Meta’s New Conversation App

About three weeks ago, on July 4, Meta launched its new conversation app Threads, presenting a viable threat to Twitter, whose user loyalty has continually dropped over the past several months. In its first week, Threads became the fastest growing app of all time and already has nearly one-quarter the number of active users as Twitter. Since its blockbuster release, Threads has seen its user base drop somewhat and a decrease in user engagement in the U.S., going from an average 21 minutes a day to six minutes a day. Still, Threads is posing a tremendous challenge to Twitter’s weakened dominance in the social media sphere.

Given the attention and hype surrounding Threads, I wanted to find out what threat actors think of the new platform and how they might be targeting users and content for malicious activities. My research led to three main findings, which are described below.

1. Data privacy protections are vague
Some data privacy experts stress concerns about the amount and type of personal data the platform collects, such as individual users’ location, financial information, browsing history, and even health and fitness information. The fact that Meta is holding off on launching Threads in the EU given its stricter data privacy regulations could also be seen as a data privacy red flag, especially given that Meta has been in hot water in the past for numerous violations.

Kaspersky blogA link to a Kaspersky blog post was shared on a Telegram Channel discussing the privacy concerns of the Threads App.

2. Fraud and hacking services of the new app were quickly offered

My research on underground cybercriminal forums and marketplaces shows that hackers for hire were quick to advertise their Threads-targeted services. These services range from selling fake likes and followers, to selling bots services for the platform. Others jumped at the new opportunity and impersonated crypto Twitter users, exploiting Thread’s low security measures for scammers.

Below are a few examples of these promoted offerings, which appeared on dark web sources within 24 hours of the app’s launch.

Threads app services for saleA post on a malicious Telegram group selling Threads app services within 3 days after the app was launched.

Threads-targeted fraudulent activityA threat actor offers new Threads-targeted fraudulent activity services in a dark web forum.

3. Early adopters in the cybercrime realm are slow to arrive

While we see some activities by early adopter threat actors, they are not flocking to take advantage of Threads in mass numbers as they’ve done with Mastodon and other Twitter-like alternatives in the past. Additionally, underground discussions about the new platform are somewhat negative among threat actors, indicating that they are taking a wait-and-see approach.

Threads RatingThreads reviewsUnderground discourse demonstrating skepticism and uncertainty about the viability of Threads.


Threads is still in its infancy and much has yet to be revealed - both in terms of user numbers and engagement, and how much cybercriminals will target the conversation app. But it’s clear that the social platform is one to watch from a data privacy standpoint as well as to understand how users can be targeted when using the app. We’ll continue to report on this platform as the situation evolves over the coming months.

You may also like

Analyst looking at multiple monitors

July 11, 2024

Chinese APT40 Hackers Hijack SOHO Routers: Unleashing Cyber Espionage Attacks

Read more
Abstract digital landscape with flowing lines of glowing binary code in blue and orange, representing data streams and modern technology.

July 08, 2024

CVE-204-6387 Poses Risk to Organizations Relying on OpenSSH’s Server (sshd)

Read more
CSG-IQ vs ChatGPT-Thumbnail

June 12, 2024

Navigating AI: Comparing ChatGPT to Cybersixgill IQ

Read more