Hackers are targeting Signal users in a new wave of phishing attacks designed to steal their chat backups. By posing as the app's support team, hackers warn that backed-up chats and media are at risk of loss unless the user shares their recovery key.

While the campaign seems to target activists opposed to China’s Communist Party, security experts suggest it may be more widespread. The effectiveness of these attacks is uncertain, but stealing a victim's recovery keys is just one step; hackers still need to take over the account.

This phishing tactic is particularly concerning because Signal backups can contain older chats, photos and documents. Previous campaigns aimed at hijacking users' accounts have failed to access past messages due to how Signal is designed. However, gaining access to a user's online backup requires the recovery key, making it crucial for users to keep this securely stored.

Signal launched Secure Backups last year as an opt-in feature, allowing users to upload their account contents to encrypted servers with a unique recovery key that never leaves the user’s device. Users are advised to store this key safely, ensuring they can regain access if needed without risking exposure of their data.