GERMAN authorities have warned of a Signal phishing campaign aimed at high‑profile targets including politicians, military personnel, and journalists in Germany and Europe. According to Bundesamt für Verfassungsschutz (BfV) and Federal Office for Information Security (BSI), the attackers pose as Signal Support or a “Signal Security ChatBot” to coax targets into handing over a PIN or verification code sent by SMS, enabling covert access to chats and contact lists.
The operation does not rely on malware or exploits of Signal flaws; instead, it weaponises legitimate features to gain access to accounts, with an alternative route using the device linking option to trap victims into QR code scanning and exposing messages from the last 45 days. The agencies warn the campaign could extend to WhatsApp due to similar device‑linking and two‑step verification features.
While the perpetrators behind the activity remain unknown, Microsoft and Google Threat Intelligence Group have linked similar, Russia‑aligned clusters such as Star Blizzard, UNC5792 (aka UAC‑0195), and UNC4221 (aka UAC‑0185) to analogous campaigns. Users are urged to avoid engaging with suspicious signals‑support accounts and to enable Registration Lock, review linked devices regularly, and remove unknown devices to mitigate risk.