Amnesty International Warns Spyware Attacks and Phishing Target Signal Users and Tel Aviv Court Case

Amnesty International warned that digital surveillance threats are rising, describing “sofisticados ataques con software espía” and phishing campaigns that adapt as defenders change tools like Signal, VPN, or Tor.

“Desde sofisticados ataques con software espía hasta phishing masivo a través de smartphones, pasando por la tecnología de reconocimiento facial, la variedad y el alcance de las amenazas que representa la vigilancia a los defensores y defensoras de los derechos humanos van en aumento”

Amnesty International

Amnesty Tech’s Ramy Raoof said attackers adjust to what people use, explaining that “tratan de atacar Signal” when users switch to the messaging app.

Amnesty International

Amnesty Tech researcher Etienne Maynier said advanced spyware attacks no longer require the target to click a link, describing how NSO’s spyware “piratean el tráfico de nuestro navegador web y nos redirigen a un sitio web malicioso”.

Amnesty International also said a judicial process in Tel Aviv involves groups including Amnesty trying to force Israel’s Ministry of Defense to revoke NSO Group’s export license, after WhatsApp initiated a legal action against NSO Group for attacks on more than a thousand users.

TechCrunch reported a new wave of phishing attacks targeting Signal users’ chat backups, where hackers pose as the app’s technical support service and warn that backed-up chats and media are “at risk of permanent loss due to a sync issue.”

Washington Post analyst Josh Rogin posted a screenshot showing the message purporting to come from an account called Signal Support, telling the target to share the recovery key used to access online backups in the chat.

Bleeping Computer

Mohammed Al-Maskati of Access Now told TechCrunch that stealing the recovery keys is only one step, because hackers still have to take over the victim’s account.

Signal administration warned users that the company never initiates contact and will never ask for a registration code, PIN, or recovery key, and said any requests from an account named “Signal Support” are fraudulent.

Le Parisien described a voicemail scam in which smartphone users receive a text about a mystery caller’s voicemail and are invited to click a link to “listen to it and respond before tonight,” leading to premium-rate calls.

The article said the scam is a derivative of the “Ping Call” or “premium-rate number scam,” and described a scenario where an unlisted number calls, no one answers, and the victim is pushed to call back immediately without knowing the call will be charged.

Le Parisien quoted the Directorate General for Competition, Consumption and Fraud Repression (DGCCRF) advising people to “learn to recognize a premium-rate number” and to beware of recommendations that seem surprising.

In parallel, Amnesty Tech’s Ramy Raoof advised basic phone safety steps, including downloading apps only from the official app store and updating systems and applications frequently to ensure the latest security patches.