Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia’s intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia’s re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war.

TL;DR: keep your apps updated & don’t scan QR codes that you don’t trust.

  • LWD@lemm.ee · 7 hours ago

    tl;dr it’s malicious “link device” QR codes that are targeted at people, which I’ve read about already. Hopefully, if anyone sees one of these messages in the wild, it would be relatively easy to ignore, because Signal makes you jump through extra hoops if you attempt to scan it with your phone.

    If you open your phone’s camera app and point it at one of these malicious QR codes, Signal can/will open it, and then show you a notification:

    "To link a desktop or iPad to this Signal account, go to Linked Devices and tap “Link a New Device” and scan the QR code again. Make sure you only scan QR codes that come directly from Signal."

    You can then jump into the Linked Devices page and scan the code again, if you choose. But the original QR code you scanned doesn’t go anywhere, far as I can tell.