Hackers Target Signal Users’ Backups in Sophisticated Phishing Scheme
In a recent wave of cyberattacks, hackers are impersonating Signal’s support team to deceive users into divulging their recovery keys, thereby compromising their chat backups. This tactic was highlighted when Washington Post analyst Josh Rogin shared a screenshot of a phishing message that falsely claimed users’ backups were at risk due to a synchronization issue. The message urged recipients to share their recovery key to prevent data loss.
Rogin noted that several activists opposing the Chinese Communist Party received these deceptive messages, indicating a targeted approach. However, Mohammed Al-Maskati, director at Access Now’s Digital Security Helpline, reported that individuals outside this activist group have also been targeted, suggesting a broader scope of the campaign.
The effectiveness of this phishing scheme remains uncertain. Al-Maskati emphasized that obtaining a user’s recovery key is just one step; attackers would still need to gain control over the victim’s account to access the backups.
Phishing attacks like these exploit users’ trust by masquerading as legitimate entities. In this instance, hackers are leveraging the credibility of Signal’s support team to manipulate users into revealing sensitive information.
Signal has clarified that it will never initiate contact with users to request registration codes, PINs, or recovery keys. Any unsolicited message claiming to be from Signal Support is likely a phishing attempt. The organization has previously warned users about such deceptive practices.
This incident underscores the evolving nature of cyber threats targeting secure communication platforms. Users are advised to remain vigilant, verify the authenticity of messages, and refrain from sharing sensitive information without proper verification.
