Ideally you should have only one or maximum two devices (phone and computer) attached to both Telegram or Signal. I just don't see it practical for adding other devices

Easy way to avoid this is to frequently check linked devices list and revoke devices you aren't using. 

kepford

security

Hackers Exploit Signal's Linked Devices Feature via Malicious QR Codes

ch0k1

> it's tracking as UNC5792, have resorted to malicious QR codes that, when scanned, will link a victim's account to an actor-controlled Signal instance.

> As a result, future messages get delivered synchronously to both the victim and the threat actor in real-time, thereby granting threat actors a persistent way to eavesdrop on the victim's conversations. Google said UAC-0195 partially overlaps with a hacking group known as UAC-0195.

So basically they are tricking users into scanning malicious QR. The users think they are joining a group but are adding a new device. Clever. 