Replica apps of Meta’s new platform Threads have emerged on unauthorised app stores as cybercriminals look to capitalise on the new app’s popularity to commit identity theft, steal sensitive information, and take advantage of users in the EU where the app is not yet accessible.
Users are being tricked into downloading fake apps in a tactic scammers use to install potentially malicious software and gain access to login information, among other credentials, a cybersecurity expert told Arabian Business.
“This has been exacerbated in the case of Threads, as the app remains unavailable in the EU. Consequently, some individuals within the EU have turned to unauthorised app stores as a means to gain access to the app, inadvertently putting themselves at risk,” said Nicolai Solling, Chief Technology Officer at cybersecurity firm Help AG.
Meta launched the Twitter clone app on July 6 and managed to garner an impressive 100 million users within only five days, marking the most rapidly subscribed to application in social media history.
“Social engineering attacks tend to exploit newsworthy topics that capture the broader society’s interest, and Threads is no exception. Malicious actors weaponise such subjects to manipulate unsuspecting individuals.”
Solling said that these methods are not new, as we have seen them exploit trending topics and events in the newscycle such as COVID-19, cryptocurrency, Black Friday sales, and now Threads.
To reel consumers in, scammers could send users a seemingly innocuous message such as “Check out my conversation on Threads!” with a link that downloads malware onto their device once clicked.
In less than 3 weeks since its launch, scammers have unleashed phishing pages imitating the social network to collect data, a new cryptocurrency called “Threads Coin”, and promises to help users generate large numbers of followers subject to payment, a report released last week found.
“We are talking about one of the largest, if not the largest social media company, in the world, with over 77 percent of internet users – around 3.59 billion people – active on at least one Meta platform… Data privacy will always be on the forefront of concerns for this social media behemoth.”
Solling warned that users need to be more careful online to avoid falling victim to such scams.
“In the next weeks and months, we may see certain capabilities on Threads being misused by attackers, which Meta will have to address,” he added.
Threads collects “a lot of information about its users,” cybersecurity expert Sergey Belov, Head of Application Security Group, Positive Technologies told Arabian Business.
“The app requests access to various data including contacts, location, search history, etc. This is in line with Instagram’s privacy policies,” Belov explained, “Ultimately, security and privacy in the online environment are important issues, and each user must make their own decisions about which apps and services to use and whether to share personal information with them.”
Rob Sherman, Vice President and Deputy Chief Privacy Officer for Policy at Meta, took to Threads to address some concerns that had been raised since its launch. He discussed the privacy labels used in the app store, emphasizing that the platform, like other social apps under the Meta umbrella, collects user data based on what is shared within the application.
“How we landed on Threads’s app store privacy labels. The labels are similar to the rest of our apps, including Instagram, in that our social apps receive whatever info (including the categories of data listed in the App Store) you share in the app. People can choose to share different kinds of data. Meta’s privacy policy, and the Threads supplementary privacy policy, are the best resources to understand how Threads uses and collects data,” he said in a post on the platform.
Though Meta launched the new app in 100 countries, it is still not available in the EU due to regulatory concerns. The repercussions of this decision have raised concerns, as Threads replica apps continue to proliferate, attempting to exploit users who eagerly anticipated the official launch in the EU.
“Data privacy regulations like the GDPR largely arose in response to the proliferation of social media apps collecting massive amounts of user data,” Solling said.
Sherman also addressed the matter of Threads’ absence from the EU market confirming that the “the app does meet GDPR requirements today” and “in the face of this uncertainty,” additional regulatory conditions that remain ambiguous necessitated a more cautious approach.
Meta declined Arabian Business’ requests for comment on the matter.
Threads in potential violation of EU’s GDPR
The expert warnings against Threads replica apps serve as a wake-up call to social media users in the EU, urging them to exercise greater caution when downloading or using any new applications.
Cybersecurity experts declined to comment on the potentiality of Meta’s Threads app being in violation of the EU’s General Data Protection Regulation (GDPR) framework.
However, sources at Meta told the Guardian earlier this month that regulations were behind the app’s launch being postponed in the bloc, amid a series of clashes between both parties. It is understood that the main issue was the implementation of the EU’s Digital Markets Act, which contains provisions on sharing data across different platforms. As a result of this, Meta is still waiting for further clarification from the European Commission on how the regulatory framework will be implemented before considering the next steps.
Multiple EU users have been trying to access the app by using a VPN, to no avail. Meta has confirmed that it is blocking such efforts, according to TechCrunch.
“Threads is not currently available in most countries in Europe and we’ve taken additional steps to prevent people based there from accessing it at this time. Europe continues to be an incredibly important market for Meta and we hope to make Threads available here in the future,” Meta said in a statement to TechCrunch earlier this month.
Follow us on
