Signal Users Targeted By New Phishing Attack Exploiting Linked Devices Feature
Cybercriminal groups are stepping up their efforts to infiltrate accounts on Signal, a secure messaging app used by journalists, activists, and others at risk of surveillance.
In a Rush? Here are the Quick Facts!
- Phishing campaigns use fake QR codes to link victims’ accounts to malicious devices.
- Targeted individuals include military personnel, journalists, and activists using secure messaging apps.
- Signal releases updates to protect users from exploitation of the linked devices feature.
These cybercriminal groups are taking advantage of a feature on Signal that allows users to connect the app to multiple devices at once, aiming to gain unauthorized access to conversations without the need to break into the target’s device directly, as first reported by the Google Threat Intelligence Group (GTIG).
Signal, known for its strong encryption, has long been a popular choice for people concerned about privacy, including military personnel, politicians, and journalists. But this also makes it a prime target for cyberattacks.
According to the report, the new wave of attacks is believed to have started due to the ongoing war in Ukraine, where Russia has a clear interest in intercepting sensitive communications.
A key technique being used by these attackers is exploiting Signal’s legitimate “linked devices” feature, which allows users to access their Signal account on more than one device.
Typically, linking a device requires scanning a QR code, but hackers have been creating malicious QR codes that, when scanned, link a victim’s account to an attacker-controlled device.
The researchers explain that once the attacker has linked their device, they can access real-time conversations without being detected.
In some cases, these attackers have crafted fake Signal group invites, security alerts, and even military-specific messages to trick users into scanning the malicious QR codes. They’ve also used phishing pages disguised as applications related to the Ukrainian military.
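A defensive check for the mismatch described above, where a QR code presented as a group invite actually performs device linking. This is an added example, not code from GTIG or Signal; the URI shapes it matches (`sgnl://linkdevice`, the older `tsdevice:` form, and `https://signal.group/#...` invites) are assumptions not stated in this article, and the sample payloads are constructed.

```python
from urllib.parse import urlsplit

def classify_qr_payload(payload: str) -> str:
    """Return 'device-link', 'group-invite' or 'other' for decoded QR text."""
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    # Assumed device-linking forms: sgnl://linkdevice?... and tsdevice:/?...
    if (scheme == "sgnl" and host == "linkdevice") or scheme == "tsdevice":
        return "device-link"
    # Assumed genuine group invite form: https://signal.group/#<token>
    if scheme == "https" and host == "signal.group" and parts.fragment:
        return "group-invite"
    return "other"

def review(payload: str, claimed_purpose: str) -> str:
    """Compare what the sender says the QR code is with what it really does."""
    actual = classify_qr_payload(payload)
    if actual == "device-link" and claimed_purpose != "device-link":
        return "BLOCK: code links a new device but was presented as " + claimed_purpose
    if actual != claimed_purpose:
        return "WARN: code is '" + actual + "', not the claimed " + claimed_purpose
    return "OK: code matches the claimed " + claimed_purpose

# Constructed samples: (decoded QR text, what the message claimed it was)
SAMPLES = [
    ("sgnl://linkdevice?uuid=CONSTRUCTED&pub_key=CONSTRUCTED", "group-invite"),
    ("https://signal.group/#CONSTRUCTED", "group-invite"),
    ("https://signal-groups.example/#CONSTRUCTED", "group-invite"),
    ("tsdevice:/?uuid=CONSTRUCTED&pub_key=CONSTRUCTED", "security-alert"),
]

if __name__ == "__main__":
    for text, claim in SAMPLES:
        print(review(text, claim), "<-", text)
```

The same classification can be applied to QR images extracted from reported phishing messages once they have been decoded to text.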
The low-key nature of this method makes it difficult to detect, and if successful, it can provide long-term access to secure communications.
Even more concerning, the researchers say, this approach doesn’t require hackers to fully compromise the victim’s device, which means they can eavesdrop on conversations for extended periods without raising suspicion.
While the attacks have mainly targeted Ukrainian personnel, they have also been used against other individuals of interest to Russia. And while the focus has been on Signal, similar tactics are also being used against other messaging apps, like WhatsApp and Telegram.
GTIG says that Signal has responded by strengthening security features in recent updates, encouraging users to upgrade their app to help defend against these threats.