Signal support-lure phishing campaign targeting European officials and journalists
Campaign
Summary
Hide ▲
Show ▼
Germany's BfV and BSI warned that a likely state-sponsored actor is running a Signal phishing campaign that can steal PINs and device-link access, putting political, military, diplomatic, and investigative-journalist accounts at risk. The operation uses fake "Signal Support" and "Signal Security ChatBot" contacts to coax targets into sharing SMS verification codes. A second lure pushes victims to scan a QR code, which can give attackers access to chats and contact lists on a device they control. The same technique could also be adapted to WhatsApp because of similar device-linking and two-step verification features.
Related Happenings
Signal adds in-app phishing confirmations and warning messages
Security Tool/Service
First: 12.05.2026 22:40
Last: 12.05.2026 22:40
Sources 1
About this happening:
**Signal** added **in-app confirmations** and **warning messages** to slow phishing and social-engineering attempts that could expose **accounts**, **chats**, and **contacts**. Th...
Signal adds in-app phishing confirmations and warning messages
Security Tool/ServiceAbout this happening: **Signal** added **in-app confirmations** and **warning messages** to slow phishing and social-engineering attempts that could expose **accounts**, **chats**, and **contacts**. Th...
PromptSpy backdoor for Android with Gemini API automation
Malware Activity
First: 11.05.2026 16:02
Last: 11.05.2026 16:02
Sources 1
About this happening:
The **PromptSpy** backdoor for **Android** was highlighted for using **Gemini APIs** to automate device interaction, increasing the risk of unauthorized control on infected phones...
PromptSpy backdoor for Android with Gemini API automation
Malware ActivityAbout this happening: The **PromptSpy** backdoor for **Android** was highlighted for using **Gemini APIs** to automate device interaction, increasing the risk of unauthorized control on infected phones...
QR code phishing surged across email threats in Q1 2026
Target Trend
First: 05.05.2026 09:35
Last: 05.05.2026 09:35
Sources 1
About this happening:
**Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
QR code phishing surged across email threats in Q1 2026
Target TrendAbout this happening: **Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
Suspected Russia-linked Signal phishing campaign targeting political accounts
Campaign
First: 28.04.2026 13:54
Last: 28.04.2026 13:54
Sources 1
About this happening:
A **suspected Russia-linked** phishing campaign on **Signal** compromised about **300 political-sphere accounts**, exposing chats, ongoing conversations, and address books. Victim...
Suspected Russia-linked Signal phishing campaign targeting political accounts
CampaignAbout this happening: A **suspected Russia-linked** phishing campaign on **Signal** compromised about **300 political-sphere accounts**, exposing chats, ongoing conversations, and address books. Victim...
Latest development: 12.05.2026 22:40
Signal introduced new in-app confirmations, warning messages, and educational prompts to help users resist phishing and social engineering attempts, including bogus Signal Support lures and requests to scan QR codes or share registration codes, PINs, or recovery keys.
Venom PhaaS SharePoint QR-code campaign targeting C-suite executives
Campaign
First: 03.04.2026 11:00
Last: 03.04.2026 11:00
Sources 1
About this happening:
The **Venom PhaaS** operation ran a **credential theft campaign** against **C-suite executives and senior personnel** at major global organizations, creating a broad risk of accou...
Venom PhaaS SharePoint QR-code campaign targeting C-suite executives
CampaignAbout this happening: The **Venom PhaaS** operation ran a **credential theft campaign** against **C-suite executives and senior personnel** at major global organizations, creating a broad risk of accou...
Timeline
-
07.02.2026 13:15 1 articles · 3mo ago
BfV and BSI warn of Signal support-lure phishing against European officials and journalists
Initial DisclosureOn 2026-02-07, Germany's BfV and BSI issued a joint advisory about a likely state-sponsored campaign that uses fake "Signal Support" and "Signal Security ChatBot" contacts on Signal to coerce high-ranking targets in politics, the military, diplomacy, and investigative journalism in Germany and Europe into sharing SMS PINs or verification codes or scanning a QR code for device linking. The method can expose chats, contact lists, profile settings, and block lists, can let attackers capture incoming messages and impersonate victims, does not depend on malware or a Signal vulnerability, may also be extended to WhatsApp, and defenders are urged to enable Registration Lock and review linked devices.
Show sources
- German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists — thehackernews.com — 07.02.2026 13:15