Saturday, February 22, 2025

Google warns Russian hackers are targeting Signal app used by Ukraine’s military – UPI.com


Feb. 19 (UPI) -- Google’s Threat Intelligence Group warned Wednesday that Russia’s GRU military intelligence is hacking Signal accounts used by Ukraine’s military.

GTIG said it has observed “increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia’s intelligence services.”

Devices captured by Russia in Ukraine are being used by the GRU to link the Signal accounts on the devices to hacker-controlled infrastructure, it said.

GTIG added that while Ukraine’s military is the current target of Russian Signal hacking, it anticipates “the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war.”

Google said a suspected Russian espionage cluster it tracks as UNC5792 had altered legitimate Signal group invite pages to redirect the invite to a malicious URL.

The Google statement said the hacking techniques used by Russia’s GRU to hack Signal accounts can also be used to target WhatsApp and Telegram accounts.

Google said the Russian hacking efforts exploit a legitimate Signal feature that links devices, allowing Signal to be used on multiple devices simultaneously.

Malicious QR codes are used to link a victim’s account to one that is hacker-controlled.

Google’s statement said that when that hack works, it lets the malicious actor “eavesdrop on the victim’s secure conversations without the need for full-device compromise.”

It happens in real time, so the hackers can intercept the communications.

According to Google, the Russian hackers use tailored remote phishing operations, with malicious QR codes embedded in phishing pages made to look like special apps used by Ukraine’s military.

Signal uses end-to-end encryption, which Google said doesn’t appear to have been compromised.

Signal senior technologist Josh Lund told Politico EU that Signal has taken steps to “help raise awareness and protect users from the types of social engineering attacks that the report describes.”

Those steps include a user interface revamp with added authentication steps as well as new notifications for newly linked devices.
