German security agencies warn of phishing attacks on Signal targeting politicians, military and journalists using social engineering, not malware.
Germany’s domestic intelligence agency (BfV) and the Federal Office for Information Security (BSI) have issued a joint warning about a likely state-backed phishing campaign targeting users of the Signal messaging app.
The attacks focus on high-profile figures in politics, the military, diplomacy, and investigative journalism across Germany and Europe. Rather than exploiting software flaws or deploying malware, the attackers abuse Signal’s legitimate features to gain access to private chats and contact lists.
Threat actors pose as “Signal Support” or a fake security chatbot, urging victims to share a PIN or SMS verification code. If successful, the attackers can take over the account, intercept new messages, and impersonate the victim.
In another variant, victims are tricked into scanning a malicious QR code through Signal’s device-linking feature, allowing attackers to access messages and contacts without alerting the user.
Authorities warned the technique could also be adapted for WhatsApp, which uses similar security features, and urged users to ignore support messages, enable Registration Lock, and regularly review linked devices.
Reports are sourced from official documents, law-enforcement updates, and credible investigations.
Discover additional reports, market trends, crime analysis and Harm Reduction articles on DarkDotWeb to stay informed about the latest dark web operations.
