Russian state-sponsored hackers' ongoing Signal and WhatsApp phishing campaign
Campaign
Summary
Hide ▲
Show ▼
An ongoing Russian state-sponsored phishing campaign is targeting Signal and WhatsApp users, with the UK NCSC warning on March 31 that Russia-based actors are using messaging apps to target high-risk individuals. The activity uses malicious links, QR codes, credential theft, and social engineering to compromise accounts and access sensitive conversations, while the alert also notes similar activity previously attributed to FSB-linked actors, APT31, and IRGC-linked hackers.
Related Happenings
Signal adds in-app phishing confirmations and warning messages
Security Tool/Service
First: 12.05.2026 22:40
Last: 12.05.2026 22:40
Sources 1
About this happening:
**Signal** added **in-app confirmations** and **warning messages** to slow phishing and social-engineering attempts that could expose **accounts**, **chats**, and **contacts**. Th...
Signal adds in-app phishing confirmations and warning messages
Security Tool/ServiceAbout this happening: **Signal** added **in-app confirmations** and **warning messages** to slow phishing and social-engineering attempts that could expose **accounts**, **chats**, and **contacts**. Th...
TCLBANKER banking trojan activity targeting 59 financial platforms
Malware Activity
First: 08.05.2026 21:12
Last: 08.05.2026 21:12
Sources 1
About this happening:
**TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...
TCLBANKER banking trojan activity targeting 59 financial platforms
Malware ActivityAbout this happening: **TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...
Google sponsored search ManageWP phishing campaign
Campaign
First: 07.05.2026 00:36
Last: 07.05.2026 00:36
Sources 1
About this happening:
A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
Google sponsored search ManageWP phishing campaign
CampaignAbout this happening: A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...
QR code phishing surged across email threats in Q1 2026
Target Trend
First: 05.05.2026 09:35
Last: 05.05.2026 09:35
Sources 1
About this happening:
**Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
QR code phishing surged across email threats in Q1 2026
Target TrendAbout this happening: **Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
Suspected Russia-linked Signal phishing campaign targeting political accounts
Campaign
First: 28.04.2026 13:54
Last: 28.04.2026 13:54
Sources 1
About this happening:
A **suspected Russia-linked** phishing campaign on **Signal** compromised about **300 political-sphere accounts**, exposing chats, ongoing conversations, and address books. Victim...
Suspected Russia-linked Signal phishing campaign targeting political accounts
CampaignAbout this happening: A **suspected Russia-linked** phishing campaign on **Signal** compromised about **300 political-sphere accounts**, exposing chats, ongoing conversations, and address books. Victim...
Latest development: 12.05.2026 22:40
Signal introduced new in-app confirmations, warning messages, and educational prompts to help users resist phishing and social engineering attempts, including bogus Signal Support lures and requests to scan QR codes or share registration codes, PINs, or recovery keys.
Timeline
-
09.03.2026 23:24 3 articles · 2mo ago
Dutch intelligence and Signal warn on a Signal and WhatsApp phishing campaign
Initial DisclosureNetherlands intelligence agencies and Signal warned that Russian state-sponsored hackers are running an ongoing phishing campaign against government officials, military personnel, journalists, and Dutch government employees, using fake Signal support prompts, SMS verification-code theft, Signal PIN theft, and malicious QR codes or links to hijack Signal and WhatsApp accounts, access messages, and impersonate victims.
Show sources
- Dutch govt warns of Signal, WhatsApp account hijacking attacks — www.bleepingcomputer.com — 09.03.2026 23:24
- FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks — thehackernews.com — 21.03.2026 15:17
- NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts — www.infosecurity-magazine.com — 02.04.2026 17:15