CloudSEK, an AI-driven cybersecurity firm, has discovered a harmful SMS spoofing campaign circulating a tampered version of Israel’s official “Red Alert” emergency app. This scheme takes advantage of public anxiety during the Israel-Iran conflict by sending deceptive messages that urge users to install a fake Android app. The fraudulent application, posing as a critical wartime update, mimics Israel’s Home Front Command alert system and includes spyware features.
The fake app, unlike the genuine one found on Google Play Store, asks for risky permissions like access to SMS, contacts, and precise location data. Once installed, the malware can intercept text messages, gather contact details, and continuously monitor GPS coordinates. To evade detection, the malicious software uses sophisticated tactics such as signature spoofing and installer spoofing, making it challenging to identify.
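One defender-side check that follows from this permission contrast: compare the permissions declared in an APK's manifest against what a push-driven alert app plausibly needs and flag the spyware-grade ones the article names. This is an added example, not CloudSEK's or the official app's code; the baseline set and the sample manifest are constructed.

```python
# Added example (not CloudSEK's tooling): flag manifest permissions that an
# emergency-alert app has no business requesting. Baseline and sample are constructed.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions the article says the fake app requested, mapped to the capability they give.
RISKY_PERMISSIONS = {
    "android.permission.READ_SMS": "SMS interception",
    "android.permission.RECEIVE_SMS": "SMS interception",
    "android.permission.READ_CONTACTS": "contact harvesting",
    "android.permission.ACCESS_FINE_LOCATION": "precise GPS tracking",
}

# Assumed baseline for a push-driven alert app; verify against the official APK.
ALERT_APP_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.POST_NOTIFICATIONS",
}

def declared_permissions(manifest_xml: str) -> set[str]:
    """Collect every <uses-permission android:name=...> from a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def audit_permissions(manifest_xml: str) -> dict[str, list[str]]:
    """Bucket declared permissions: known spyware capability, outside baseline, expected."""
    perms = declared_permissions(manifest_xml)
    risky = sorted(p for p in perms if p in RISKY_PERMISSIONS)
    unexpected = sorted(perms - ALERT_APP_BASELINE - set(RISKY_PERMISSIONS))
    expected = sorted(perms & ALERT_APP_BASELINE)
    return {"risky": risky, "unexpected": unexpected, "expected": expected}

# Constructed manifest modelled on the permission set described in the article.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.fake.alert">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
</manifest>"""

if __name__ == "__main__":
    for perm in audit_permissions(SAMPLE_MANIFEST)["risky"]:
        print(f"RISKY {perm}: {RISKY_PERMISSIONS[perm]}")
```

Run it against a manifest decoded from the APK (for example with apktool or aapt); anything in the "risky" bucket is a reason to stop and compare the package against the Play Store listing before installing.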
Researchers observed that the malware uses background threads to monitor permission grants while it runs. Data collected from infected devices is stored locally and sent to attacker-controlled servers via HTTP POST requests. The campaign relies on cloud-hosted infrastructure (AWS and Cloudflare services), which complicates efforts to trace its origin. CloudSEK cautioned that this spyware presents both digital and physical security threats, potentially exposing civilian movements during air raids and enabling attackers to bypass security measures.
To mitigate risks, users are advised to refrain from downloading apps from unknown sources and to obtain emergency applications solely from official stores. In case of suspected infections, immediate isolation of the device and a complete factory reset are recommended to prevent further data breaches.
