BfV and BSI Signal account-hijack mitigation advisory
Advisory/Mitigation
Summary
Hide ▲
Show ▼
The BfV and BSI issued urgent guidance to help Signal users resist account hijacking attempts that can expose chats and contact lists. The advisory matters because attackers are using impersonation and rogue device pairing rather than malware or technical exploits. Users are told to ignore alleged support messages, block and report them, and check Linked devices and Registration Lock settings. The guidance is aimed at reducing takeover risk for people targeted in the ongoing Signal abuse campaign.
Related Happenings
Signal Backup Recovery Key phishing mitigation
Advisory/Mitigation
H score25
First: 27.06.2026 01:06
Last: 27.06.2026 01:06
Sources 1
About this happening:
The **FBI** and **CISA** updated mitigation guidance for **Signal users** after a phishing operation began targeting **Backup Recovery Keys**, which can expose **historical messag...
Signal Backup Recovery Key phishing mitigation
Advisory/MitigationAbout this happening: The **FBI** and **CISA** updated mitigation guidance for **Signal users** after a phishing operation began targeting **Backup Recovery Keys**, which can expose **historical messag...
India's Ministry of Electronics and Information Technology acting under Section 69A of the IT Act Restricted access to Telegram nationwide and ordered message-editing disabled
Public Sector Action
H score71
First: 17.06.2026 16:12
Last: 17.06.2026 16:12
Sources 1
About this happening:
India's **Ministry of Electronics and Information Technology** ordered a **nationwide Telegram restriction** under **Section 69A** through **June 22**, adding a separate requireme...
India's Ministry of Electronics and Information Technology acting under Section 69A of the IT Act Restricted access to Telegram nationwide and ordered message-editing disabled
Public Sector ActionAbout this happening: India's **Ministry of Electronics and Information Technology** ordered a **nationwide Telegram restriction** under **Section 69A** through **June 22**, adding a separate requireme...
Signal adds in-app phishing confirmations and warning messages
Security Tool/Service
H score14
First: 12.05.2026 22:40
Last: 12.05.2026 22:40
Sources 1
About this happening:
**Signal** added **in-app confirmations** and **warning messages** to slow phishing and social-engineering attempts that could expose **accounts**, **chats**, and **contacts**. Th...
Signal adds in-app phishing confirmations and warning messages
Security Tool/ServiceAbout this happening: **Signal** added **in-app confirmations** and **warning messages** to slow phishing and social-engineering attempts that could expose **accounts**, **chats**, and **contacts**. Th...
RubyGems pauses new account signups during major malicious attack
Security Tool/Service
H score25
First: 12.05.2026 17:47
Last: 12.05.2026 17:47
Sources 1
About this happening:
**RubyGems** temporarily disabled **new account registration** after a **major malicious attack**, disrupting a core **Ruby package-registry** service while operators contain the...
RubyGems pauses new account signups during major malicious attack
Security Tool/ServiceAbout this happening: **RubyGems** temporarily disabled **new account registration** after a **major malicious attack**, disrupting a core **Ruby package-registry** service while operators contain the...
PromptSpy backdoor for Android with Gemini API automation
Malware Activity
H score22
First: 11.05.2026 16:02
Last: 11.05.2026 16:02
Sources 1
About this happening:
The **PromptSpy** backdoor for **Android** was highlighted for using **Gemini APIs** to automate device interaction, increasing the risk of unauthorized control on infected phones...
PromptSpy backdoor for Android with Gemini API automation
Malware ActivityAbout this happening: The **PromptSpy** backdoor for **Android** was highlighted for using **Gemini APIs** to automate device interaction, increasing the risk of unauthorized control on infected phones...
Timeline
-
06.02.2026 22:00 1 articles · 5mo ago
BfV and BSI issue Signal account-hijack guidance
Mitigation Patch UpdateGermany's Federal Office for the Protection of the Constitution (BfV) and the Federal Office for Information Security (BSI) warn that suspected state-sponsored threat actors are targeting high-ranking individuals in phishing attacks via Signal and similar messaging apps, using social engineering instead of malware or exploited vulnerabilities. The advisory says attackers impersonate Signal support, send fake security warnings, steal a Signal PIN or SMS verification code, or trick targets into scanning a QR code to abuse the linked-device feature and gain access to chats and contact lists. Users are advised to ignore alleged support messages, block and report suspicious accounts, enable Registration Lock, and regularly review and remove unknown devices under Linked devices.
Show sources
- Germany warns of Signal account hijacking targeting senior figures — www.bleepingcomputer.com — 06.02.2026 22:00