Signal hit by phishing attacks targeting users' backups
What's the story
Signal, the popular encrypted messaging app, is facing a new wave of phishing attacks. According to TechCrunch, hackers are impersonating the app's support team and warning users that their backed-up chats and media could be permanently lost due to a sync issue. The malicious message asks users to share their recovery key, the one used to access online backups in chat, with the hackers, to avoid this loss.
Attack strategy
Phishing message warns users about potential data loss
The phishing message, allegedly from an account called Signal Support, reads, "This links your existing backup to your account. Failure to do this may result in losing access to your account and all stored data." Mohammed Al-Maskati, director at Access Now's Digital Security Helpline, told TechCrunch that two people had shared similar messages with him. While they were not Chinese activists, it suggests the hacking campaign may be broader or different groups of hackers are using the same tactic.
User safety
Signal will never reach out to you 1st
Signal has made it clear that it "will never reach out" to users first, nor ask for their registration code, PIN, or recovery key. This means any chat pretending to be coming from "Signal Support" is actually coming from malicious hackers. The organization has publicly warned about this exact type of attack last month.
Attack evolution
Phishing attacks now target Signal backups
The latest phishing attacks are a departure from previous campaigns that tried to hijack a victim's account and impersonate them. These new attacks specifically target backups, which could contain older chats, photos, and documents of the user. Last year, Signal introduced Secure Backups as an opt-in feature for users to upload their account's contents onto its servers with encryption protected by a recovery key.