Got a security message on Signal or WhatsApp? That’s Russian hackers knocking, FBI warns

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint security advisory, warning Americans that Russian intelligence services are trying to take over control of messaging apps like WhatsApp and Signal.

According to the American intelligence agencies, thousands of accounts have already been affected by Russia’s ongoing campaigns. Once an account has been compromised, malicious threat actors can extract a lot of personal information from their victims, including their full chat history and contact lists.

Russian intelligence services use phishing messages to fool victims. They pretend to be a support chatbot or a member of a security team, claiming that they’ve noticed “suspicious activities” or unauthorized login attempts from an unrecognized location. Targets are being asked to send a verification code to the helpdesk support employee to fix the issue.

Another way to remotely take control of a messaging app is by abusing a feature called ‘linked devices.’ When enabled, an attacker has full control over an account, without the victim realizing their account has been compromised.

“As the campaign evolves, actors may use additional techniques, such as malware to infect the victim,” the intelligence agencies hint.

To protect your WhatsApp or Signal account, the FBI and CISA recommend treating unknown messages with suspicion as they may be phishing attempts. In addition, users should inspect URLs and files before clicking or opening them to make sure they’re not installing malware.

Lastly, users should verify group chats regularly to make sure no fake or duplicate accounts have been added, and update their messaging app as soon as an update is available.

Earlier this month, the General Dutch Intelligence Agency (AIVD) and Dutch Military Intelligence and Security Service (MIVD) announced that WhatsApp and Signal accounts used by officials, military personnel, and journalists have been hacked by state-sponsored hackers from Russia.

Signal used the opportunity to warn its users to never share SMS verification codes or Signal PINs with anyone else. “User vigilance is ultimately the best defense against phishing,” the messaging app said.