Signal support-lure phishing campaign targeting European officials and journalists
Campaign
Summary
Hide ▲
Show ▼
Germany's BfV and BSI warned that a likely state-sponsored actor is running a Signal phishing campaign that can steal PINs and device-link access, putting political, military, diplomatic, and investigative-journalist accounts at risk. The operation uses fake "Signal Support" and "Signal Security ChatBot" contacts to coax targets into sharing SMS verification codes. A second lure pushes victims to scan a QR code, which can give attackers access to chats and contact lists on a device they control. The same technique could also be adapted to WhatsApp because of similar device-linking and two-step verification features.
Related Happenings
WhatsApp VBScript phishing campaign targeting users in multiple countries
Campaign
H score43
First: 23.06.2026 01:42
Last: 23.06.2026 01:42
Sources 1
About this happening:
An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...
WhatsApp VBScript phishing campaign targeting users in multiple countries
CampaignAbout this happening: An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...
India's Ministry of Electronics and Information Technology acting under Section 69A of the IT Act Restricted access to Telegram nationwide and ordered message-editing disabled
Public Sector Action
H score71
First: 17.06.2026 16:12
Last: 17.06.2026 16:12
Sources 1
About this happening:
India's **Ministry of Electronics and Information Technology** ordered a **nationwide Telegram restriction** under **Section 69A** through **June 22**, adding a separate requireme...
India's Ministry of Electronics and Information Technology acting under Section 69A of the IT Act Restricted access to Telegram nationwide and ordered message-editing disabled
Public Sector ActionAbout this happening: India's **Ministry of Electronics and Information Technology** ordered a **nationwide Telegram restriction** under **Section 69A** through **June 22**, adding a separate requireme...
Signal adds in-app phishing confirmations and warning messages
Security Tool/Service
H score14
First: 12.05.2026 22:40
Last: 12.05.2026 22:40
Sources 1
About this happening:
**Signal** added **in-app confirmations** and **warning messages** to slow phishing and social-engineering attempts that could expose **accounts**, **chats**, and **contacts**. Th...
Signal adds in-app phishing confirmations and warning messages
Security Tool/ServiceAbout this happening: **Signal** added **in-app confirmations** and **warning messages** to slow phishing and social-engineering attempts that could expose **accounts**, **chats**, and **contacts**. Th...
PromptSpy backdoor for Android with Gemini API automation
Malware Activity
H score22
First: 11.05.2026 16:02
Last: 11.05.2026 16:02
Sources 1
About this happening:
The **PromptSpy** backdoor for **Android** was highlighted for using **Gemini APIs** to automate device interaction, increasing the risk of unauthorized control on infected phones...
PromptSpy backdoor for Android with Gemini API automation
Malware ActivityAbout this happening: The **PromptSpy** backdoor for **Android** was highlighted for using **Gemini APIs** to automate device interaction, increasing the risk of unauthorized control on infected phones...
QR code phishing surged across email threats in Q1 2026
Trend
H score73
First: 05.05.2026 09:35
Last: 05.05.2026 09:35
Sources 1
About this happening:
**Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
QR code phishing surged across email threats in Q1 2026
TrendAbout this happening: **Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
Timeline
-
07.02.2026 13:15 1 articles · 5mo ago
BfV and BSI warn of Signal support-lure phishing against European officials and journalists
Initial DisclosureOn 2026-02-07, Germany's BfV and BSI issued a joint advisory about a likely state-sponsored campaign that uses fake "Signal Support" and "Signal Security ChatBot" contacts on Signal to coerce high-ranking targets in politics, the military, diplomacy, and investigative journalism in Germany and Europe into sharing SMS PINs or verification codes or scanning a QR code for device linking. The method can expose chats, contact lists, profile settings, and block lists, can let attackers capture incoming messages and impersonate victims, does not depend on malware or a Signal vulnerability, may also be extended to WhatsApp, and defenders are urged to enable Registration Lock and review linked devices.
Show sources
- German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists — thehackernews.com — 07.02.2026 13:15