Russian state-sponsored hackers have allegedly been trying to hijack WhatsApp and Signal accounts on a global scale by tricking users into handing over their login authentication codes.
The warning comes from the Netherlands’ General Intelligence and Security Service, also known as AIVD, which issued an advisory about the “large-scale global cyber campaign” on Monday.
The intelligence agency says Russian hackers are targeting accounts “belonging to dignitaries, military personnel and civil servants”; victims include Dutch government employees.
WhatsApp and Signal are best known for using end-to-end encryption, which can prevent even the messaging services themselves from decrypting user chats. However, both apps are still susceptible to account takeovers, which can allow someone to access an account on a second phone, paving the way for a hacker to steal access and spy on messages.
“An interesting aspect of this Russian campaign is that it does not exploit any technical vulnerabilities of the messaging services,” AIVD notes. “The attackers instead make malicious use of legitimate security features of the apps.”
This includes tricking users into handing over a one-time authentication code. The AIVD warned that “the most frequently observed method used by the Russian hackers is to masquerade as a Signal Support chatbot in order to induce their targets to divulge their codes. The hackers can then use these codes to take over the user’s account.”
In a tweet thread, Signal also confirmed the threat and included a screenshot of one of the phishing messages the Russian hackers allegedly sent. The message pretended to come from a non-existent “Signal Support Bot,” and claimed suspicious activity had been detected on the user’s account.
“We have also detected attempts to gain access to your private data in Signal,” the phishing message says. “To prevent this, you have to pass verification procedure, entering the verification code to Signal Security Support Chatbot.”
However, Signal cautions users to never share the verification code, saying it’s “only ever needed when you are first signing up for the Signal app.” If the code is shared along with the user’s registered PIN, a hacker can set up and access the user’s Signal account on a second phone.
Signal added: “We also want to emphasize that Signal Support will never initiate contact via in-app messages, SMS, or social media to ask for your verification code or PIN. If anyone asks for any Signal-related code, it is a scam. We make this clear when users receive their SMS code during initial signup.”
The AIVD also warns that Russian hackers are gaining access to user accounts by abusing the “linked devices” feature in both Signal and WhatsApp, which lets you view your chats on a desktop PC. Russian hackers have previously been accused of exploiting the feature through phishing messages as well.
About Our Expert
Michael Kan
Senior Reporter