Signal Phishing Campaign Targets Journalists and Activists to Steal Backup Recovery Keys
Signal Phishing Campaign Targets Journalists and Activists to Steal Backup Recovery Keys
Publish Date: 2026-05-30 05:25:45
Source Domain: securityaffairs.com
A recent phishing campaign is specifically targeting Signal users, notably journalists and activists, deceiving them into providing their backup recovery keys via text messages that mimic official Signal Support communications. This information, which should never leave the user’s device or be shared with Signal, allows attackers to decrypt the entire encrypted backup, granting them access not just to future messages but all stored conversations. This campaign primarily leverages fear and urgency to manipulate victims into divulging their private data. Security advice recommends treating unsolicited support messages with suspicion and employing various protective features to mitigate risk.
Key Points:
– A phishing campaign targets Signal users, tricking them into sharing their backup recovery keys.
– The stolen key can decrypt the entire message history for all stored conversations, not just recent ones.
– Primary targets of this attack are journalists, activists, and politicians for the sensitivity of their past communications.
– Signal assures users that they will never ask for codes, PINs, or recovery keys via direct messages.
– Protective measures include skepticism towards unprompted support requests, enabling security features, and utilizing disappearing messages to limit exposure.
