Overview
- BfV and BSI issued a joint alert on February 6 warning that a likely state or state-directed actor is phishing on Signal to compromise high-value targets in Germany and Europe.
- In one variant, impostors posing as Signal support request a security PIN or verification code, enabling an irreversible account takeover and interception of new messages.
- In a second variant, victims are lured into scanning a QR code that links a new device, granting attackers roughly six weeks of message history, live access, and the ability to send as the victim.
- Authorities say sightings point to a broad spray campaign rather than narrowly tailored intrusions, and they have not attributed the activity to a specific state.
- The agencies caution that similar techniques could work on WhatsApp and note Signal cannot automatically detect such phishing, so guidance focuses on user vigilance and operational hygiene.