Google’s threat intelligence team has identified a phishing technique used by Russian cyberwarfare groups targeting Signal, an encrypted messaging platform widely used in Ukraine, including by its military. The attackers exploit a feature allowing users to join Signal groups via QR codes, tricking victims into linking their devices to those controlled by hackers. This enables real-time interception of messages. In response, Signal has rolled out updates for iOS and Android to counter this threat, introducing additional user verification steps when linking new devices. These measures aim to protect users globally from similar attacks, which have also targeted other platforms like WhatsApp and Telegram. The situation underscores the ongoing challenge of phishing and the need for robust cybersecurity measures. — news from WIRED
