A coordinated phishing campaign is targeting Signal users — specifically activists, journalists, and other high-risk individuals — with the goal of stealing their Signal recovery keys (a 30-word secret phrase used to restore an encrypted backup of all past messages) to gain unauthorized access to their complete message history. Multiple anti-Chinese Communist Party (CCP) activists have received near-identical lures, and the digital security organization Access Now has confirmed that its Digital Security Helpline has received reports from multiple independent individuals, suggesting a broader targeting operation. Signal responded by adding in-app security warnings in May 2026.
// 01 Signal Phishing: Technical Details
Signal (the end-to-end encrypted messaging application) uses a 30-word recovery phrase — sometimes called a "backup key" or "recovery key" — to encrypt and restore local message backups. This key is the cryptographic equivalent of a master password: anyone who possesses it can decrypt and read the victim's entire Signal message history, including messages that have otherwise been secured by Signal's end-to-end encryption (E2EE — a system where only the sender and recipient can decrypt messages, not even Signal's servers).
The attack mechanism is a classic phishing workflow targeting this specific credential:
- Lure delivery: Victims receive phishing messages (via email, SMS, or social media) that impersonate Signal support communications, claiming the victim's backup is expiring, their account requires verification, or they must confirm their recovery key to maintain access.
- Fake landing page: The lure directs victims to a convincing imitation of Signal's backup or account management interface.
- Recovery key harvesting: The victim enters their 30-word recovery phrase into the attacker-controlled form. The phrase is immediately captured by the attacker.
- Account access: Armed with the recovery key, the attacker can either: (a) restore the Signal backup to their own device to read historical messages offline, or (b) in combination with account takeover, re-register Signal on their device.
The near-identical phrasing of lures across separate, unconnected victims — documented by Access Now's Digital Security Helpline — indicates the campaign is likely using AI-assisted phishing infrastructure: automated systems that generate and dispatch customized lures at scale, a capability that previously required significant manual effort.
%% Signal phishing attack chain — recovery key theft
sequenceDiagram
autonumber
participant A as Attacker
participant V as Victim (Activist/Journalist)
participant P as Phishing Page
participant S as Signal Backup
A->>V: Phishing lure — "Your Signal backup expires soon"
Note over A,V: Near-identical lures suggest AI-generated infrastructure
V->>P: Clicks link → lands on fake Signal backup page
V->>P: Enters 30-word recovery phrase to "verify backup"
P->>A: Recovery key captured and exfiltrated
A->>S: Restores Signal backup using stolen recovery key
Note over A,S: Full historical message access — end-to-end encryption bypassed
Note over V: Account may appear unaffected; victim unaware
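The attack chain above, seen from the defender's side: the following is an added triage script (not Signal's or Access Now's code) that scores a reported message for the indicators this section describes (a "Signal support" sender, urgency, a request for the recovery key, a link off signal.org) and groups near-identical reports from separate people, as a helpline would when spotting a coordinated campaign. The keyword lists, the alert threshold and the sample reports are constructed for this example.

```python
import re
from urllib.parse import urlparse

# Heuristics modelled on the lure described above: a "Signal support" message pressuring the
# target to enter the 30-word recovery key on a non-Signal page (constructed lists, not a published rule).
CREDENTIAL_TERMS = ("recovery key", "recovery phrase", "backup key", "30-word", "30 word")
PRESSURE_TERMS = ("expir", "verif", "confirm", "suspend", "maintain access")
SENDER_TERMS = ("signal support", "signal team", "signal security")
URL_RE = re.compile(r"https?://[^\s<>'\"]+", re.I)

def offbrand_hosts(text):
    """Linked hostnames that are neither signal.org nor a subdomain of it."""
    hosts = [(urlparse(u).hostname or "").lower() for u in URL_RE.findall(text)]
    return [h for h in hosts if h != "signal.org" and not h.endswith(".signal.org")]

def score_lure(text):
    """Return (score, reasons); a request for the key plus an off-brand link alone reaches threshold 3."""
    t = text.lower()
    asks_key = any(k in t for k in CREDENTIAL_TERMS)
    reasons = ["asks for the recovery key/phrase"] if asks_key else []
    if any(k in t for k in PRESSURE_TERMS):
        reasons.append("urgency or verification pressure")
    if any(k in t for k in SENDER_TERMS):
        reasons.append("impersonates Signal support")
    bad = offbrand_hosts(text)
    if bad:
        reasons.append("links off-brand host(s): " + ", ".join(bad))
    return len(reasons) + (1 if asks_key and bad else 0), reasons

def near_identical(a, b, threshold=0.8):
    """Token Jaccard similarity; catches lures that differ only in deadlines, names or links."""
    ta, tb = (set(re.findall(r"[a-z0-9]+", s.lower())) for s in (a, b))
    return bool(ta | tb) and len(ta & tb) / len(ta | tb) >= threshold

def cluster_reports(reports):
    # Group independently reported messages that are near-identical, keeping report order.
    clusters = []
    for r in reports:
        match = next((c for c in clusters if near_identical(r, c[0])), None)
        if match is None:
            clusters.append([r])
        else:
            match.append(r)
    return clusters

# Constructed sample reports from three separate people (not real lures).
REPORTS = [
    "Signal Support: Your Signal backup expires in 24 hours. Verify your 30-word recovery key at https://signal-backup-verify.example/restore to keep access.",
    "Signal Support: Your Signal backup expires in 48 hours. Verify your 30-word recovery key at https://backup-signal-check.example/restore to keep access.",
    "Hi, are we still meeting at 4? Notes are in the shared folder.",
]
```

Running `score_lure` over `REPORTS` gives 5 for both lures and 0 for the benign message, and `cluster_reports` groups the two lures together, which is the "near-identical lures from unconnected victims" pattern the helpline reported.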
Why E2EE doesn't protect against this: Signal's end-to-end encryption protects messages in transit — they cannot be intercepted between sender and recipient. But if an attacker obtains the recovery key, they are functioning as the legitimate account holder's backup restoration process. The encryption is working correctly; the attacker has the key to decrypt it. Phishing for recovery keys is one of the few attacks that can defeat E2EE messaging without breaking the encryption itself.
// 02 Exploitation Status and Threat Landscape
The targeting of anti-CCP activists specifically points toward a state-affiliated or state-adjacent threat actor with an interest in the communications of dissidents and critics of the Chinese government. While no government has been officially attributed by the researchers reporting this campaign, the targeting profile — political activists concerned about Chinese government surveillance — aligns with historically documented operations by threat actors associated with Chinese state interests, including APT41, APT10, and various Ministry of State Security (MSS) affiliated groups.
The campaign is particularly significant because it comes amid a broader pattern of Signal-targeting attacks throughout 2026. Russian military intelligence-linked actors have also been documented using Signal device-link QR code phishing (a different technique that links a victim's Signal account to an attacker-controlled device, providing real-time access to new messages). The backup key theft campaign appears distinct from the QR code technique, suggesting multiple independent threat actors are targeting Signal's user base through different attack vectors.
Signal's response — adding in-app security warnings in May 2026 — is a meaningful mitigation that alerts users when they are about to perform actions that could compromise their account security. The company has not publicly confirmed the scope or source of the campaign.
// 03 Who Is Affected
High-risk Signal users — journalists, activists, legal aid workers, government officials, dissidents, and human rights defenders — represent the primary targets of this specific campaign. These are individuals for whom Signal was purpose-built: people who require secure communications and face adversaries with significant capabilities.
General Signal users are at lower but not zero risk. The campaign's AI-assisted infrastructure could be scaled to target broader populations, and any Signal user who uses their recovery key to restore a backup is in the threat model.
Organizations supporting at-risk individuals — including NGOs, press freedom organizations, and digital security nonprofits — should brief their contacts on this threat and provide guidance on identifying Signal phishing lures.
// 04 What You Should Do Right Now
- Never enter your Signal recovery phrase into any website, form, or application. Signal will only ask you for this phrase when you are manually restoring a backup on the Signal application itself. No email, SMS, or web form should ever need your recovery key.
- Generate a new recovery key immediately if you believe you may have entered it anywhere outside of the Signal app. Open Signal → Settings → Chats → Generate New Recovery Key. Previous backups using the old key cannot be accessed by anyone who had the original key once a new one is generated.
- Enable registration lock in Signal (Settings → Account → Registration Lock). This adds a PIN requirement before anyone can re-register your phone number with Signal on a new device, preventing account takeover even if an attacker has your phone number.
- Check linked devices. Open Signal → Settings → Linked Devices. Remove any device you do not recognize. An attacker who has previously used QR code phishing to link their device will appear here.
- Report suspicious messages. If you receive a message claiming to be from Signal support requesting your recovery key or any account verification, report it immediately via Signal's in-app reporting tools and forward the details to Access Now's Digital Security Helpline if you are a high-risk individual.
- Train your contacts. If you communicate with activists, journalists, or other at-risk individuals via Signal, share this warning. The attack is designed to exploit users who don't understand the significance of the recovery phrase.
// 05 Background: Understanding the Risk
The Signal recovery key phishing campaign exploits a fundamental gap in security literacy: most users of end-to-end encrypted messaging applications understand that their messages are private, but do not understand the specific mechanisms by which that privacy can be undermined. The recovery key is Signal's most sensitive credential — more sensitive than the account password itself, because it unlocks the historical archive of all past messages.
This attack is conceptually similar to seed phrase theft from cryptocurrency wallets: both target the "master key" that unlocks an encrypted store of high-value data. The techniques used to steal cryptocurrency seed phrases — phishing pages, social engineering, fake support interactions — translate directly to Signal recovery key theft.
The AI-assisted nature of the infrastructure is a critical development. Traditional targeted phishing requires manual effort: research the victim, craft a personalized lure, build a convincing fake page, monitor submissions. AI-assisted phishing automates the lure generation and delivery at scale, enabling a campaign that was historically only feasible against the highest-value individual targets to be deployed against hundreds or thousands of at-risk users simultaneously.
Signal's in-app warning system is a meaningful response, but it depends on users seeing and heeding the warning before entering their recovery phrase. Security education — specifically communicating to high-risk users that their recovery phrase should never leave the Signal application itself — remains the most effective mitigation.
// 06 Conclusion
A coordinated, AI-assisted phishing campaign is targeting Signal users — specifically activists and journalists — to steal their 30-word recovery keys and access complete message histories that Signal's end-to-end encryption would otherwise protect. The targeting of anti-CCP activists suggests a state-adjacent threat actor with political motivations. Signal users must understand that no legitimate service or support channel will ever request their recovery phrase outside the Signal app itself. Anyone who may have entered their recovery phrase into a third-party site should generate a new key immediately and enable Signal's registration lock feature.
For any query contact us at contact@cipherssecurity.com
