Phishing Campaign Targets Signal Users to Steal Backup Recovery Keys

A phishing campaign is actively targeting Signal users, particularly journalists and activists, by impersonating Signal Support via text messages to steal backup recovery keys. Attackers send urgent messages requesting the recovery key, which, if obtained, allows decryption of the user’s entire message history, not just future communications. The campaign does not specify a timeline but is described as currently ongoing. No technical details such as CVE IDs, specific malware strains, or attack infrastructure were provided. The primary impact is unauthorized access to sensitive conversations and potential exposure of confidential information.