Russian Hackers Exploit Signal's 'Linked Devices' for Phishing Attacks
2025-02-19
Russian-aligned hackers are exploiting Signal's 'linked devices' feature for large-scale phishing attacks. Attackers create malicious QR codes disguised as legitimate Signal resources like group invites or security alerts. Scanning these codes links victims' accounts to attacker-controlled Signal instances, allowing real-time eavesdropping on conversations. This technique, used by groups like APT44, even targets Ukrainian military personnel. The stealthy nature and lack of effective defenses make this a high-risk, low-signature attack that can go undetected for extended periods.