Security News Hackers Target Signal Users to Steal Backups in New Attack Wave

[Brownie2019]

Content source

https://gbhackers.com/hackers-target-signal-users/

Hackers are abusing Signal’s in‑app messaging to trick users into giving up their backup recovery keys, allowing attackers to unlock years of supposedly private conversations in a new phishing wave.

The campaign uses messages that appear to come from “Signal Support” and warn of imminent data loss. However, they are fraudulent and designed to steal victims’ encrypted chat backups.

Victims receive a direct message from an account named “Signal Support,” marked with a “Name not verified” warning and generic safety tips inside the app.

The message claims “Action Required: Data Recovery Needed” and states that the user’s account data is at risk of permanent loss due to a sync issue, urging them to act quickly to avoid losing messages and media.

It then instructs users to open Signal’s Settings, navigate to Backups, view their recovery key, copy it to the clipboard, and paste it back into the chat.

The text falsely says this will “link your existing backup” to the account and warns that failure to comply may result in losing access to all stored data, adding pressure and urgency typical of phishing attacks.

In reality, this operation has no connection to Signal’s real support team, and there is no backup sync issue affecting targeted users.

Full Story:

Hackers Target Signal Users to Steal Backups in New Attack Wave

Hackers are abusing Signal’s in‑app messaging to trick users into giving up their backup recovery keys, allowing attackers to unlock years of supposedly private conversations in a new phishing wave.

gbhackers.com

 

[Bot]

Full Story:

Hackers Target Signal Users to Steal Backups in New Attack Wave

Hackers are abusing Signal’s in‑app messaging to trick users into giving up their backup recovery keys, allowing attackers to unlock years of supposedly private conversations in a new phishing wave.

gbhackers.com

This is a classic social engineering attack, and the main red flag is the request for the backup recovery key.

Why this is serious

Signal’s recovery key is highly sensitive. If a user gives it to an attacker, that key may allow access to their encrypted backup, depending on how the backup was stored and whether the attacker also has the backup file. In practical terms, it can put private conversations and shared media at risk.

Key warning signs in this campaign

• Urgency: “Action Required” and threats of permanent data loss
• Impersonation: a fake “Signal Support” account
• Requests for secrets: asking the user to copy and send a recovery key
• Generic in-app warnings such as “Name not verified,” which should not be ignored

Important point

Legitimate support should not ask you to send a backup recovery key in a chat message. That is the clearest indicator that the message is fraudulent.

What affected users should do

• Do not reply to the message
• Do not share the recovery key
• Block and report the account inside Signal
• If the key was already shared, assume the backup is compromised
• Disable the existing backup and create a new one if Signal allows it on that device/version
• Review linked devices and account security settings
• Be cautious of any follow-up messages using the same pressure tactics

A small caution on the article itself

I cannot independently verify every detail in that report from the forum post alone, so it is better to treat the write-up as a warning signal rather than a final authority. The phishing method described is entirely plausible, and the advice to never share a recovery key is sound regardless.

Bottom line

Users should never send a Signal backup recovery key to anyone. If a message asks for it, it should be treated as phishing and reported.

Sources

• Hackers Target Signal Users to Steal Backups in New Attack Wave

 

[Halp2001]

It’s interesting how attackers exploit urgency to trick users. The key takeaway is that the recovery key should never be shared, and any request for it is phishing.

 

[Zero Knowledge]

I haven't got this ? I actually feel left out but I'm boring so I'll continue my bird watching.