Signal and WhatsApp anti-phishing account-hardening guidance
Defensive Guidance
Summary
Hide ▲
Show ▼
A UK National Cyber Security Centre (NCSC) alert on March 31 warned that Russia-based actors are increasing targeted attacks against high-risk individuals using WhatsApp, Facebook Messenger and Signal. The activity relies on malicious links and QR codes, credential theft, and social engineering to compromise messaging apps and related accounts, with similar activity previously attributed to APT31 and IRGC-linked hackers.
Related Happenings
Signal adds in-app phishing confirmations and warning messages
Security Tool/Service
First: 12.05.2026 22:40
Last: 12.05.2026 22:40
Sources 1
About this happening:
**Signal** added **in-app confirmations** and **warning messages** to slow phishing and social-engineering attempts that could expose **accounts**, **chats**, and **contacts**. Th...
Signal adds in-app phishing confirmations and warning messages
Security Tool/ServiceAbout this happening: **Signal** added **in-app confirmations** and **warning messages** to slow phishing and social-engineering attempts that could expose **accounts**, **chats**, and **contacts**. Th...
TCLBANKER banking trojan activity targeting 59 financial platforms
Malware Activity
First: 08.05.2026 21:12
Last: 08.05.2026 21:12
Sources 1
About this happening:
**TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...
TCLBANKER banking trojan activity targeting 59 financial platforms
Malware ActivityAbout this happening: **TCLBANKER** is a newly documented **Brazilian banking trojan** that can hit **59 banking, fintech, and cryptocurrency platforms**, increasing the risk of credential theft and re...
TCLBanker self-spreading banking trojan
Malware Activity
First: 08.05.2026 01:06
Last: 08.05.2026 01:06
Sources 1
About this happening:
The **TCLBanker** trojan now combines **trojanized installer** delivery with **self-spreading worm modules**, widening access to **59 banking, fintech, and cryptocurrency platform...
TCLBanker self-spreading banking trojan
Malware ActivityAbout this happening: The **TCLBanker** trojan now combines **trojanized installer** delivery with **self-spreading worm modules**, widening access to **59 banking, fintech, and cryptocurrency platform...
QR code phishing surged across email threats in Q1 2026
Target Trend
First: 05.05.2026 09:35
Last: 05.05.2026 09:35
Sources 1
About this happening:
**Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
QR code phishing surged across email threats in Q1 2026
Target TrendAbout this happening: **Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
AWS exposed-key hardening guidance for Amazon SES phishing abuse
Defensive Guidance
First: 04.05.2026 23:03
Last: 04.05.2026 23:03
Sources 1
About this happening:
**Kaspersky** urged organizations to harden **AWS IAM** and credential handling after **exposed access keys** were linked to phishing delivery through **Amazon SES**, reducing the...
AWS exposed-key hardening guidance for Amazon SES phishing abuse
Defensive GuidanceAbout this happening: **Kaspersky** urged organizations to harden **AWS IAM** and credential handling after **exposed access keys** were linked to phishing delivery through **Amazon SES**, reducing the...
Timeline
-
21.03.2026 15:17 3 articles · 2mo ago
CISA and FBI issue Signal and WhatsApp anti-phishing guidance
Mitigation Patch UpdateCISA and the FBI advised users of commercial messaging apps such as Signal and WhatsApp to treat unsolicited requests for SMS codes, verification PINs, links, and QR-code scans as phishing attempts, because actors posing as trusted support accounts can recover or link accounts and then view messages, send messages as the victim, and launch secondary phishing from a trusted identity.
Show sources
- FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks — thehackernews.com — 21.03.2026 15:17
- FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks — thehackernews.com — 21.03.2026 15:17
- NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts — www.infosecurity-magazine.com — 02.04.2026 17:15