Hackers are targeting Signal users to steal chat backups through a phishing campaign. Messages impersonate Signal Support and claim backed-up chats and media are at risk of permanent loss due to a sync issue. The message instructs recipients to share the recovery key used to access online backups to prevent loss. The message warns that failure to link the backup to the account may result in losing access to stored data. The campaign has reached anti-Chinese Communist Party activists and other individuals, suggesting broader targeting or multiple groups using the same method. Even if recovery keys are obtained, attackers still must take over the victim’s account. The attack depends on tricking targets into revealing private information.
"This links your existing backup to your account. Failure to do this may result in losing access to your account and all stored data," read the message purporting to come from an account called Signal Support."
"If you get this message on Signal, do not follow the instructions. Many anti-CCP activists have also received this phishing attempt. Beware and be aware. pic.twitter.com/8J1YDcpUAX- Josh Rogin (@joshrogin) May 27, 2026"
"Al-Maskati said that the two are not Chinese activists. This suggests that the hacking campaign could be more widespread and targeting other communities, or there may be different groups of hackers using the same strategy."
"Al-Maskati said that stealing the victim's recovery keys for their chat backups is only one step in the attack, and that the hackers still have to take over the victim's account."
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]