BfV and BSI Signal account-hijack mitigation advisory
Advisory/Mitigation
Summary
Hide ▲
Show ▼
The BfV and BSI issued urgent guidance to help Signal users resist account hijacking attempts that can expose chats and contact lists. The advisory matters because attackers are using impersonation and rogue device pairing rather than malware or technical exploits. Users are told to ignore alleged support messages, block and report them, and check Linked devices and Registration Lock settings. The guidance is aimed at reducing takeover risk for people targeted in the ongoing Signal abuse campaign.
Related Happenings
Signal adds in-app phishing confirmations and warning messages
Security Tool/Service
First: 12.05.2026 22:40
Last: 12.05.2026 22:40
Sources 1
About this happening:
**Signal** added **in-app confirmations** and **warning messages** to slow phishing and social-engineering attempts that could expose **accounts**, **chats**, and **contacts**. Th...
Signal adds in-app phishing confirmations and warning messages
Security Tool/ServiceAbout this happening: **Signal** added **in-app confirmations** and **warning messages** to slow phishing and social-engineering attempts that could expose **accounts**, **chats**, and **contacts**. Th...
RubyGems pauses new account signups during major malicious attack
Security Tool/Service
First: 12.05.2026 17:47
Last: 12.05.2026 17:47
Sources 1
About this happening:
**RubyGems** temporarily disabled **new account registration** after a **major malicious attack**, disrupting a core **Ruby package-registry** service while operators contain the...
RubyGems pauses new account signups during major malicious attack
Security Tool/ServiceAbout this happening: **RubyGems** temporarily disabled **new account registration** after a **major malicious attack**, disrupting a core **Ruby package-registry** service while operators contain the...
PromptSpy backdoor for Android with Gemini API automation
Malware Activity
First: 11.05.2026 16:02
Last: 11.05.2026 16:02
Sources 1
About this happening:
The **PromptSpy** backdoor for **Android** was highlighted for using **Gemini APIs** to automate device interaction, increasing the risk of unauthorized control on infected phones...
PromptSpy backdoor for Android with Gemini API automation
Malware ActivityAbout this happening: The **PromptSpy** backdoor for **Android** was highlighted for using **Gemini APIs** to automate device interaction, increasing the risk of unauthorized control on infected phones...
WhatsApp anti-scam protections now warn on fraudulent device-linking requests
Security Tool/Service
First: 26.03.2026 16:06
Last: 26.03.2026 16:06
Sources 1
About this happening:
**WhatsApp** rolled out **anti-scam protections** that warn users when **device-linking requests** look suspicious, adding a new user-facing control against **fraudulent account-l...
WhatsApp anti-scam protections now warn on fraudulent device-linking requests
Security Tool/ServiceAbout this happening: **WhatsApp** rolled out **anti-scam protections** that warn users when **device-linking requests** look suspicious, adding a new user-facing control against **fraudulent account-l...
Signal and WhatsApp anti-phishing account-hardening guidance
Defensive Guidance
First: 21.03.2026 15:17
Last: 21.03.2026 15:17
Sources 1
About this happening:
A **UK National Cyber Security Centre (NCSC)** alert on **March 31** warned that **Russia-based actors** are increasing **targeted attacks** against **high-risk individuals** usin...
Signal and WhatsApp anti-phishing account-hardening guidance
Defensive GuidanceAbout this happening: A **UK National Cyber Security Centre (NCSC)** alert on **March 31** warned that **Russia-based actors** are increasing **targeted attacks** against **high-risk individuals** usin...
Timeline
-
06.02.2026 22:00 1 articles · 3mo ago
BfV and BSI issue Signal account-hijack guidance
Mitigation Patch UpdateGermany's Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) warn that suspected state-sponsored threat actors are targeting high-ranking individuals in phishing attacks via Signal and similar messaging apps, using social engineering instead of malware or exploited vulnerabilities. The advisory says attackers impersonate Signal support, send fake security warnings, steal a Signal PIN or SMS verification code, or trick targets into scanning a QR code to abuse the linked-device feature and gain access to chats and contact lists. Users are advised to ignore alleged support messages, block and report suspicious accounts, enable Registration Lock, and regularly review and remove unknown devices under Linked devices.
Show sources
- Germany warns of Signal account hijacking targeting senior figures — www.bleepingcomputer.com — 06.02.2026 22:00