Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Showing posts with label Encrypted Chats. Show all posts

Signal Users Targeted in Sophisticated Phishing Campaigns Aimed at Stealing Chat Backups

 

Recently uncovered cyber threats now focus on people relying on Signal’s encrypted messaging service. Fake notifications, appearing legitimate at first glance, lead recipients to counterfeit pages through deceptive URLs. These attempts aim straight at stored conversation archives linked to user accounts. 

Cyber experts highlight how realistic these fake prompts look, mimicking official alerts almost perfectly. One wrong move could expose personal message history without the owner realizing immediately. Deception unfolds quietly - often beginning with an urgent-looking notice arriving unexpectedly. Trusting such messages opens the door to hidden data theft beneath a surface of authenticity. 

Now showing up more often, the trend reflects how cyberattacks are changing direction. Instead of cracking tough encryption on private chat apps, criminals lean toward tricks that target people's habits. Starting with fake messages that look familiar, these schemes build pressure through time-sensitive demands. Victims then give away passwords or backup codes - without realizing it was never the real service asking. 

Experts say the scam focuses on accounts tied to backups. Messages showing up look real, yet they steer people toward counterfeit sites aiming to grab passwords, restore keys, or similar details. Success means hackers could enter stored backup files online, possibly viewing personal chats once thought secure. Though Signal encrypts messages fully while they move between devices, specialists emphasize that such protection fails when people accidentally hand over private login data. When saved access codes get stolen, chat histories risk exposure even with strong built-in shields. 

Despite robust design, a weak link often lies not in code but human action. Warnings emerge from security experts about rising complexity in phishing efforts. These days, fake emails frequently include convincing logos, web pages built to mimic real ones, along with wording nearly identical to legitimate notices. Personalized versions of such scams now exist, tailored to single users - harder to spot when compared to broad, generic blasts sent without targeting. Caution pays off when messages pop up out of nowhere asking you to confirm your account, bring back old data, or open a web address. 

Before typing in passwords, take a moment - look closely at where you are online; mimicry sites can look real but aren’t. Never hand over access keys or sign-in details, even if someone sounds trustworthy. When extra safeguards exist inside apps like Signal, turning them on simply makes sense. One more time, an attack shows human behavior often matters more than digital safeguards. When hackers trick someone into sharing private data, even strong software fails. 

Because scams grow smarter, staying alert helps block many breaches. Questioning unusual messages first can stop problems later. People stay safer by pausing before reacting to urgent demands.

New Android Malware ‘Sturnus’ Bypasses Encrypted Messaging Protections

 

Researchers at MTI Security have unearthed a particularly advanced strain of Android malware called Sturnus, which threatens to compromise the data and security of mobile phone owners. The malware reportedly employs advanced interception techniques to capture data and circumvent even the best application-level encryption, making the security features of popular messaging apps like WhatsApp, Telegram and Signal pointless. 

The Sturnus malware does not need to crack encryption, according to MTI. Instead, it uses a sophisticated trick: the malware takes a screenshot once the messages have been decrypted for viewing.By exploiting a device’s ability to read the on-screen contents in real time, Sturnus can steal private message texts without leaving a trace. This means that scammers can access sensitive chats, and potentially collect personally identifiable information (PII) or financial data if shared in secure chats. 

In addition to message interception, Sturnus employs complex social engineering to steal credentials. The malware is capable to display fake login screens that looks like real banking apps, and can be very convincing. Users can inadvertently provide their information to the hackers if they use their login details on these fake sites. 

Sturnus can also simulate an Android system update screen, making the victim believe a normal update is being installed while malicious operations take place in the background. Perhaps most disturbingly, the researchers warn that Sturnus can also increase its privileges by tracking unlock attempts and recording device passwords or PINs. This allows the malware to gain root access which lets the attackers prevent the victims from removing the malicious code or regaining control of their devices. 

The majority of Sturnus infections detected so far are positively grouped in Southern and Central Europe, according to surveillance and analysis by the cybersecurity firm Threat Fabric. Such a restricted geography suggests that threat actors are still experimenting with the capabilities of the malware and the way it operates before potentially launching a worldwide campaign. 

Experts recommend users of Android to be cautious, refrain from downloading apps from unknown sources and be wary when asked accessibility or overlay permissions to apps they don’t know. But with its progress, Sturnus also exhibits the increasing complexity of Android malware and the difficulty in keeping users safe in a landscape of continuously evolving mobile threats.