Hackers have figured out how to hack Signal accounts

Russian hackers have been actively exploiting the Signal messenger’s connected devices feature to gain access to communications, with a particular focus on Ukrainian military communications. Cybersecurity experts warn that similar methods could be used to attack others.

How hackers work:

1. Physical device takeover – hackers gain access to phones used by military groups and link their own devices to the account.
2. Adding an enemy device via QR code – social engineering tactics and phishing sites masquerading as Signal service pages are used.

According to the Google Threat Intelligence Group (GTIG), the APT44 (Sandworm), UNC5792, and UNC4221 hacking groups are creating fake websites containing malicious JavaScript and QR codes to compromise accounts. For example, UNC4221 imitates pages of the Kropyva program, which the Ukrainian military uses for artillery guidance.

Protection measures:

• Always update Signal to the latest version.
• Regularly check the list of connected devices.
• Do not scan QR codes from unverified sources.
• Enable authentication and notifications about new connections.

Signal uses end-to-end encryption, which makes it a reliable means of data protection. However, vulnerabilities related to QR codes can threaten not only this messenger, but also other services, such as Whatsapp.