- Google researchers warn of an ongoing phishing campaign
- It distributes QR codes that grant attackers access to the victims' Signal accounts
- The targets are mainly soldiers, the experts warn
Russian state-sponsored threat actors have increasingly targeted Signal users with QR code phishing attacks, malware and other tooling, experts warn.
A Google Threat Intelligence Group (GTIG) report notes that the use of Signal among soldiers, politicians, journalists, activists and other high-risk groups has recently become of growing interest to state-sponsored threat actors, especially since the start of the Russia-Ukraine war.
Consequently, various threat actors (notably APT44 and UNC5792) have tried to abuse the “linked devices” feature in their attacks. Linked devices let users connect multiple devices, such as laptops, tablets and phones, to the same account. To simplify linking, users can scan a QR code from an already-linked device instead of typing a password or registering with a new service.
QR codes
Cybercriminals have therefore begun sending phishing emails with invitations to fake groups, bogus security alerts and the like, each carrying a QR code. If the victim scans it, the attacker’s device is linked to the victim’s account, giving the attacker access to contacts, messages and more.
Because the phishing email carries no malicious link or attachment that email security solutions could scan, these emails often slip past filters and land in people’s inboxes.
Beyond phishing, Russian and Belarusian threat groups also use malware and specialized tools to exfiltrate Signal messages directly from compromised Android and Windows devices.
These efforts include scripts such as WAVESIGN, which periodically extracts messages from the Signal database, and Infamous Chisel, a variant of known Android malware. Other actors, such as Turla and UNC1151, use PowerShell and command-line utilities to steal Signal messages stored on compromised computers.