{"id":58164,"date":"2026-05-29T09:37:28","date_gmt":"2026-05-29T09:37:28","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=58164"},"modified":"2026-05-29T09:37:28","modified_gmt":"2026-05-29T09:37:28","slug":"signal-users-targeted-in-backup-stealing-phishing-attacks","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=58164","title":{"rendered":"Signal users targeted in backup-stealing phishing attacks_MALWAREBYTES:AB4720290D95C0CACF3C1E2CB7775924"},"content":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2026-05-29T14:05:07&#8243;,&#8221;description&#8221;:&#8221;A new phishing campaign is targeting Signal users by attempting to steal their backup recovery keys to access encrypted message archives. \\n\\nThe attack is initiated by a text message pretending to come from Signal Support.\\n\\n![Phishing message pretending to come from Signal support](https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2026\/05\/text_message.png)\\n\\n\\u003e \u201cAction Required: Data Recovery Needed  \\n\\u003e Your Signal account data (message and media) Is at risk of permanent loss due to a sync issue.  \\n\\u003e To avoid losing your messages and media:  \\n\\u003e 1\\\\. Go to Settings -\\u003e Backups -\\u003e Configure -\\u003e Enable backups -\\u003e View Recovery Key.  \\n\\u003e 2\\\\. Copy the recovery key to your clipboard.  \\n\\u003e 3\\\\. Paste the key into this chat.  \\n\\u003e This links your existing backup to your account. Failure to do this may result in losing access to your account and all stored data.\u201d\\n\\nThere are a few red flags in this message:\\n\\n  * The \u201cName not verified\u201d label under the sender\\n  * Repeated threats of losing all your data\\n  * The instruction to paste the key into the chat. Signal Support would never ask for your recovery key\\n\\nThe attack exploits Signal&#8217;s Secure Backups feature, which allows users to store encrypted archives of their conversations on Signal&#8217;s servers. These backups are protected by a 64-character recovery key.\\n\\nThat key should never leave the user&#8217;s device and is never shared with Signal&#8217;s servers. If hackers obtain this key and gain control of a victim&#8217;s account, they can download and decrypt the entire message history.\\n\\nFor an attacker, that\u2019s even better than hijacking an account, which would only give them access to future messages.\\n\\nFor now, the attacks appear to be targeted. We have seen reports from journalists, reports of attacks on Chinese activists, and warnings from a researcher who investigates cyberattacks against journalists, dissidents, and human rights activists. But now that other cybercriminals are aware of this opportunity, the tactic could spread rapidly.\\n\\n## How to stay safe\\n\\nSignal explicitly states that it will never reach out to users first and will never request registration codes, PINs, or recovery keys. \\n\\n  * **Treat unsolicited messages from \u201cSupport\u201d as suspicious by default.** Legitimate support for apps like Signal and WhatsApp does not ask you, in a chat message, to send back verification codes, PINs, or passwords. If you receive a warning about account problems, do not follow links in the message. Open the app\u2019s settings directly or visit the official website through other means.\\n  * **Never share any secret codes, multi-factor authentication keys, or app PINs.** SMS codes are there to prove that you control a phone number. Anyone who has the code can pretend to be you. App\u2011specific PINs or passcodes are there to protect account changes. 
Consider anyone asking for them to be a scammer.\\n  * **Use the extra security features these apps offer.** Enable options like registration lock, registration PIN and device\u2011change alerts so that your account cannot be silently re\u2011registered without an extra secret. Store your PIN in a password manager instead of choosing something easy to guess or reusing a code. This reduces the risk of social engineering or shoulder\u2011surfing.\\n  * **Another useful feature is disappearing messages.** Short\u2011timer and disappearing messages reduce how much content is available if an attacker gains access to a chat later, or obtains long\u2011term access to a device or backup. They are not a complete solution, but they can limit the damage.\\n  * **Use Malwarebytes Scam Guard on your device or online to check messages.** Malwarebytes Scam Guard identified this message as a phishing attempt and provided further information about how to proceed.&#8221;,&#8221;published&#8221;:&#8221;2026-05-29T12:07:24&#8243;,&#8221;modified&#8221;:&#8221;2026-05-29T12:07:24&#8243;,&#8221;type&#8221;:&#8221;malwarebytes&#8221;,&#8221;title&#8221;:&#8221;Signal users targeted in backup-stealing phishing attacks&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;MALWAREBYTES:AB4720290D95C0CACF3C1E2CB7775924&#8243;,&#8221;bulletinFamily&#8221;:&#8221;blog&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[],&#8221;sourceData&#8221;:&#8221;&#8221;,&#8221;sourceHref&#8221;:&#8221;&#8221;,&#8221;cvss&#8221;:{&#8220;score&#8221;:0,&#8221;severity&#8221;:&#8221;NONE&#8221;,&#8221;vector&#8221;:&#8221;NONE&#8221;,&#8221;version&#8221;:&#8221;NONE&#8221;},&#8221;cvss2&#8243;:{},&#8221;cvss3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;,&#8221;cvssV3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;}},&#8221;href&#8221;:&#8221;https:\/\/www.malwarebytes.com\/blog\/news\/2026\/05\/signal-users-targeted-in-
backup-stealing-phishing-attacks&#8221;,&#8221;category_name&#8221;:&#8221;News&#8221;,&#8221;post_link&#8221;:&#8221;&#8221;,&#8221;product&#8221;:&#8221;&#8221;,&#8221;version&#8221;:&#8221;&#8221;,&#8221;vendor&#8221;:&#8221;&#8221;,&#8221;ai_description&#8221;:&#8221;&#8221;,&#8221;ai_severity&#8221;:&#8221;&#8221;,&#8221;ai_vendor&#8221;:&#8221;&#8221;,&#8221;ai_product&#8221;:&#8221;&#8221;,&#8221;ai_version&#8221;:&#8221;&#8221;,&#8221;ai_score&#8221;:0}<\/p>\n","protected":false},"excerpt":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2026-05-29T14:05:07&#8243;,&#8221;description&#8221;:&#8221;A new phishing campaign is targeting Signal users by attempting to steal their backup recovery keys to access encrypted message archives. \\n\\nThe attack is initiated&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-58164","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Signal users targeted in backup-stealing phishing attacks_MALWAREBYTES:AB4720290D95C0CACF3C1E2CB7775924 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=58164\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Signal users targeted in backup-stealing phishing attacks_MALWAREBYTES:AB4720290D95C0CACF3C1E2CB7775924 - zero redgem\" \/>\n<meta 
property=\"og:description\" content=\"{&#8220;lastseen&#8221;:&#8221;2026-05-29T14:05:07&#8243;,&#8221;description&#8221;:&#8221;A new phishing campaign is targeting Signal users by attempting to steal their backup recovery keys to access encrypted message archives. nnThe attack is initiated...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=58164\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-29T09:37:28+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58164#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58164\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Signal users targeted in backup-stealing phishing 
attacks_MALWAREBYTES:AB4720290D95C0CACF3C1E2CB7775924\",\"datePublished\":\"2026-05-29T09:37:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58164\"},\"wordCount\":835,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"malwarebytes\",\"news\",\"NONE\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=58164#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58164\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58164\",\"name\":\"Signal users targeted in backup-stealing phishing attacks_MALWAREBYTES:AB4720290D95C0CACF3C1E2CB7775924 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-05-29T09:37:28+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58164#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=58164\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58164#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Signal users targeted in backup-stealing phishing attacks_MALWAREBYTES:AB4720290D95C0CACF3C1E2CB7775924\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero 
redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Signal users targeted in backup-stealing phishing attacks_MALWAREBYTES:AB4720290D95C0CACF3C1E2CB7775924 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=58164","og_locale":"en_US","og_type":"article","og_title":"Signal users targeted in backup-stealing phishing attacks_MALWAREBYTES:AB4720290D95C0CACF3C1E2CB7775924 - zero redgem","og_description":"{&#8220;lastseen&#8221;:&#8221;2026-05-29T14:05:07&#8243;,&#8221;description&#8221;:&#8221;A new phishing campaign is targeting Signal users by attempting to steal their backup recovery keys to access encrypted message archives. nnThe attack is initiated...","og_url":"https:\/\/zero.redgem.net\/?p=58164","og_site_name":"zero redgem","article_published_time":"2026-05-29T09:37:28+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=58164#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=58164"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Signal users targeted in backup-stealing phishing attacks_MALWAREBYTES:AB4720290D95C0CACF3C1E2CB7775924","datePublished":"2026-05-29T09:37:28+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=58164"},"wordCount":835,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","malwarebytes","news","NONE","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=58164#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=58164","url":"https:\/\/zero.redgem.net\/?p=58164","name":"Signal users targeted in backup-stealing phishing attacks_MALWAREBYTES:AB4720290D95C0CACF3C1E2CB7775924 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-05-29T09:37:28+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=58164#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=58164"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=58164#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Signal users targeted in backup-stealing phishing attacks_MALWAREBYTES:AB4720290D95C0CACF3C1E2CB7775924"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero 
redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/58164","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=58164"}],"version-history":[{"count":0,"href":"htt
ps:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/58164\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=58164"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=58164"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=58164"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}