All Sections
Укр Рус Eng Support Us
Укр Рус Eng
Support Us
Join the Ukrainska Pravda community on Patreon to support journalism without limits!
Support Journalism

Google exposes new Russian phishing scheme targeting Ukrainian troops in Signal messaging app

Dmytro DzhuhalykWednesday, 19 February 2025, 17:33
Google exposes new Russian phishing scheme targeting Ukrainian troops in Signal messaging app
Stock photo: Getty Images

The Google Threat Intelligence Group (GTIG) has uncovered a new Russian scheme to access messages in the encrypted Signal app, a tactic used to extract information from Ukrainian soldiers' communications.

Source: Mezha Media, a technology and IT news platform within Ukrainska Pravda’s holding company, citing the GTIG in a statement

Details: The GTIG reported that several hacker groups with close ties to the Russian government have been conducting phishing attacks. Identified as UNC5792 and UNC4221, these groups exploited the messaging app's QR code feature designed for joining new chats. They sent phishing messages with QR code invitations that contained hidden JavaScript commands, enabling them to link the target's smartphone to a new device and gain access to all messages.

Advertisement:

These messages resembled regular chat invitations, appearing to come from military groups on Signal. However, once users scanned the QR code, their device was instantly linked to the attackers' device, granting access to their message history.

Google and Signal teams stated that the scheme did not compromise the messenger’s encryption. Instead, it relied on two functional QR codes: one for inviting users to a new group and another for linking the account to the attackers' device via the Connected Devices feature. When scanned, the QR codes seamlessly swapped, making the switch undetectable to the user.

Last week, Signal released an update for its iOS and Android apps to prevent such attacks. Users will now receive a warning if their account is being paired with a new device and will be required to confirm before granting access to their messages.

Google notes that similar tactics have been used against other messaging apps, such as Telegram and WhatsApp. Still, Signal was the primary target due to its widespread use among the Ukrainian military. The company also emphasised that this strategy was not limited to Ukrainians but was also deployed against activists, journalists and other Signal users worldwide.

Support Ukrainska Pravda on Patreon!

cyber securityRusso-Ukrainian warRussia
Advertisement:
Vice President Vance believes that elections in Ukraine are now part of US policy
Scholz calls Trump's remarks about Zelenskyy wrong and dangerous, Spiegel says
Putin must not be allowed to deceive everyone again, says Zelenskyy in conversation with NATO secretary general
US Vice President Vance criticises Zelenskyy for "badmouthing" Trump
Elections in Ukraine "theoretically possible" this year, but war must end first, Ukraine's Central Election Commission chair says
Trump calls Zelenskyy dictator for refusing to hold elections
All News
cyber security
Belgium holds first trial of Russians for cybercrimes
Russian hackers target WhatsApp in attempt to obtain data on Ukraine
Czechia sees record cyber incidents in 2024, mostly from Russian-speaking hackers
RECENT NEWS
21:21
Finnish president voices support for Zelenskyy amid Trump's accusations
20:56
Vice President Vance believes that elections in Ukraine are now part of US policy
20:40
Scholz calls Trump's remarks about Zelenskyy wrong and dangerous, Spiegel says
20:39
Putin must not be allowed to deceive everyone again, says Zelenskyy in conversation with NATO secretary general
20:28
We must convince US that Ukraine cannot lose war, Finnish president says
20:10
NATO secretary general briefs Zelenskyy on discussions with Trump's special Ukraine envoy and Europeans in Paris
19:58
Top MEPs call for Ukraine's participation in peace talks
19:41
US Vice President Vance criticises Zelenskyy for "badmouthing" Trump
19:26
Man injured in Russian attack on frontline populated area in Zaporizhzhia Oblast
19:15
EXPLAINERHow Europe’s elites miscalculated Trump and what Europe shoul do
All News
Advertisement:
Advertisement: