Hackers are trying to steal Signal users' backups in new wave of phishing attacks

Hackers are targeting Signal users in an attempt to steal their chat backups as part of a new hacking campaign. The attack involves hackers pretending to be Signal's support team, warning targets that their backed-up chats and media are at risk of permanent loss due to a sync issue. On Wednesday, Washington Post analyst Josh Rogin posted a screenshot of the malicious message, which asks targets to share their recovery key to access their online backups.

The message claims that failure to do so may result in losing access to their account and all stored data. Rogin said that several anti-Chinese Communist Party activists have received this phishing attempt. Mohammed Al-Maskati, director at Access Now's Digital Security Helpline, told TechCrunch that two people shared similar messages with him, suggesting that the hacking campaign could be more widespread and targeting other communities.

It's unclear how effective the hacking campaign has been, but Al-Maskati noted that stealing the victim's recovery keys is only one step in the attack, and hackers still need to take over the victim's account. Signal says it "will never reach out" to users first and will never ask for their registration code, PIN, or recovery key. The organization has publicly warned about this exact type of attack last month.

This type of attack relies on phishing targets, exploiting their trust in the app and the organization behind it. While there have been several campaigns of hackers impersonating Signal support in recent months, this is a new type of attack because it specifically targets backups, which can contain a victim's older chats, photos, and documents. Signal launched Secure Backups last year, a feature that lets users upload their account's contents to Signal's servers, encrypted with a recovery key that the organization says is "never shared with Signal's servers," and "never leaves" the users' device.