Russia-aligned Signal linked-devices account hijacking campaign
Campaign
Summary
Hide ▲
Show ▼
Multiple Russia-aligned threat actors are running an active Signal account hijacking campaign that abuses the app's linked devices feature. The operation has been visible since the start of the year and targets high-value mobile messaging users across the United States, the Middle East, and Europe. It matters because compromising an encrypted messaging account can expose private communications and enable follow-on intrusion activity.
Cases
Related Happenings
Premium Deception Android malware campaign
Campaign
First: 20.05.2026 18:30
Last: 20.05.2026 18:30
Sources 1
About this happening:
The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...
Premium Deception Android malware campaign
CampaignAbout this happening: The **Premium Deception** campaign used **nearly 250 fake Android apps** to enroll victims in premium mobile billing subscriptions, creating direct fraud risk across multiple coun...
AI-driven attack surge against customer-facing mobile apps in 2026
Target Trend
First: 19.05.2026 15:00
Last: 19.05.2026 15:00
Sources 1
About this happening:
**Customer-facing mobile apps** faced a sharp rise in attacks in **2026**, with **87%** of monitored apps hit versus **55% in 2022**. The trend matters because **agentic AI** is l...
AI-driven attack surge against customer-facing mobile apps in 2026
Target TrendAbout this happening: **Customer-facing mobile apps** faced a sharp rise in attacks in **2026**, with **87%** of monitored apps hit versus **55% in 2022**. The trend matters because **agentic AI** is l...
Signal adds in-app phishing confirmations and warning messages
Security Tool/Service
First: 12.05.2026 22:40
Last: 12.05.2026 22:40
Sources 1
About this happening:
**Signal** added **in-app confirmations** and **warning messages** to slow phishing and social-engineering attempts that could expose **accounts**, **chats**, and **contacts**. Th...
Signal adds in-app phishing confirmations and warning messages
Security Tool/ServiceAbout this happening: **Signal** added **in-app confirmations** and **warning messages** to slow phishing and social-engineering attempts that could expose **accounts**, **chats**, and **contacts**. Th...
Suspected Russia-linked Signal phishing campaign targeting political accounts
Campaign
First: 28.04.2026 13:54
Last: 28.04.2026 13:54
Sources 1
About this happening:
A **suspected Russia-linked** phishing campaign on **Signal** compromised about **300 political-sphere accounts**, exposing chats, ongoing conversations, and address books. Victim...
Suspected Russia-linked Signal phishing campaign targeting political accounts
CampaignAbout this happening: A **suspected Russia-linked** phishing campaign on **Signal** compromised about **300 political-sphere accounts**, exposing chats, ongoing conversations, and address books. Victim...
Latest development: 12.05.2026 22:40
Signal introduced new in-app confirmations, warning messages, and educational prompts to help users resist phishing and social engineering attempts, including bogus Signal Support lures and requests to scan QR codes or share registration codes, PINs, or recovery keys.
Mirax Android banking trojan with residential proxy nodes
Malware Activity
First: 13.04.2026 17:30
Last: 13.04.2026 17:30
Sources 1
About this happening:
Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...
Mirax Android banking trojan with residential proxy nodes
Malware ActivityAbout this happening: Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...
Timeline
-
25.11.2025 08:42 2 articles · 6mo ago
CISA warns of Russia-aligned Signal linked-devices hijacking campaign
Initial DisclosureCISA warned that multiple Russia-aligned threat actors are actively targeting Signal users by abusing the app's "linked devices" feature to hijack target accounts and facilitate further compromise of mobile devices. The campaign focuses on high-value individuals, including current and former high-ranking government, military, and political officials, along with civil society organizations and individuals across the United States, the Middle East, and Europe.
Show sources
- CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users — thehackernews.com — 25.11.2025 08:42
- CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users — thehackernews.com — 25.11.2025 08:42