"The attack chain is as follows: the threat actors masquerade as "Signal Support" or a support chatbot named "Signal Security ChatBot" to initiate direct contact with prospective targets, urging them to provide a PIN or verification code received via SMS, or risk facing data loss. Should the victim comply, the attackers can register the account and gain access to the victim's profile, settings, contacts, and block list through a device and mobile phone number under their control."
"While the stolen PIN does not enable access to the victim's past conversations, a threat actor can use it to capture incoming messages and send messages posing as the victim. That target user, who has by now lost access to their account, is then instructed by the threat actor disguised as the support chatbot to register for a new account."
State-sponsored threat actors are targeting high-ranking officials, military and diplomatic personnel, and investigative journalists in Germany and Europe with phishing attacks on Signal. The campaign avoids malware and platform exploits, instead abusing legitimate Signal features to gain covert access to accounts. Attackers pose as 'Signal Support' or a 'Signal Security ChatBot' and trick victims into revealing SMS verification PINs or verification codes, allowing registration of the account on attacker-controlled devices and numbers. Stolen PINs let attackers capture incoming messages and impersonate victims; victims lose account access and are coerced to create new accounts. Device-linking QR code techniques are also used.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]