A spyware investigator exposed Russian government hackers trying to hijack Signal accounts | TechCrunch
Briefly

"“Dear User, this is Signal Security Support ChatBot. We have noticed suspicious activity on your device, which could have led to data leak,” read a message he received on his Signal account. “We have also detected attempts to gain access to your private data in Signal,” the message claimed. “To prevent this, you have to pass verification procedure, entering the verification code to Signal Security Support Chatbot. DON'T TELL ANYONE THE CODE, NOT EVEN SIGNAL EMPLOYEES.”"
"The hackers' strategies were to impersonate Signal, warn of bogus security threats, and try to trick targets into giving the hackers access to their account by linking it to a device controlled by the hackers. Those techniques were exactly the same as those seen in a wider campaign that the U.S. cybersecurity agency CISA, the United Kingdom's cybersecurity agency, and Dutch intelligence have all warned of and blamed on Russian government spies."
"Obviously, Ó Cearbhaill, who heads Amnesty International's Security Lab, immediately recognized that this was an “unwise” attempt at hacking his Signal account. Instead, he thought it'd be a good opportunity to jump into an unexpected investigation. The researcher told TechCrunch that until then, he had “never knowingly” been targeted with a one-click cyberattack or a phishing attempt like this before."
"“Having the attack land in my inbox, and the chance to turn the tables on the attackers and understand more about the campaign was too good to pass up,” he said. As it turned out, the attempted attack on Ó Cearbhaill was likely part of a wider hacking campaign targeting a large group of Signal users."
A security researcher received a Signal message claiming suspicious activity and attempts to access private data. The message instructed the recipient to complete a verification procedure by entering a code into a “Signal Security Support ChatBot,” with a warning not to share the code. The researcher recognized the prompt as an unwise hacking attempt and used it to investigate the campaign. The attempted attack appeared to be part of a broader phishing campaign targeting many Signal users. The attackers impersonated Signal, issued bogus security warnings, and tried to obtain access by linking the victim’s account to a device controlled by the attackers. Similar tactics were previously warned about by multiple cybersecurity and intelligence organizations, with blame attributed to Russian government spies.
Read at TechCrunch