
Hackers Abuse Red Alert App to Spy on Israeli Users

  • Mar 8

Key Findings


  • A deceptive mobile campaign has been discovered that targets people in Israel with a fake version of the popular "Red Alert" life-saving app

  • The app appears to be a modified version of the legitimate "Red Alert" app, which is widely used to provide real-time warnings about incoming rockets

  • The attack starts with a simple text message claiming there is a technical problem with the current alert system and providing a link to download an updated version


Background


  • The "Red Alert" app is widely used in Israel to provide real-time warnings about incoming rockets

  • Hackers have targeted rocket-alert applications used by Israelis in the past; in 2023, for example, the AnonGhost group claimed to have compromised the Red Alert app


How the Scam Works


  • Users receive an SMS message that appears to be from the official Home Front Command, claiming there is a technical problem with the current alert system and providing a link to download an updated version

  • Once the user clicks the link and installs the file, the app functions like the real "Red Alert" app, displaying legitimate rocket alerts to stay hidden

  • However, the app is secretly running malicious code in the background to steal private data from the user's device


Malicious App Features


  • The app requests a total of 20 permissions, including 6 highly sensitive ones

  • It can track the user's precise GPS location, read private text messages to intercept one-time passwords, and collect contact lists

  • The app also identifies all other apps installed on the phone and extracts accounts registered on the device, such as Google or email

  • The stolen data is sent back to a remote server
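
A defender can triage a sideloaded APK's decoded manifest against the capabilities listed above. The following is an added example, not code from the researchers or the original report: the permission names are an assumed mapping from the described behaviours to standard Android permissions (the report's own list of 20 is not reproduced on this page), and the manifest and the flagging threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_CAP = "read SMS / intercept one-time passwords"

# Assumed mapping: behaviour described in the article -> Android permissions.
CAPABILITIES = {
    "precise GPS location": {"android.permission.ACCESS_FINE_LOCATION"},
    SMS_CAP: {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "collect contact list": {"android.permission.READ_CONTACTS"},
    "enumerate installed apps": {"android.permission.QUERY_ALL_PACKAGES"},
    "extract device accounts": {"android.permission.GET_ACCOUNTS"},
}

# Constructed sample: a decoded AndroidManifest.xml for a hypothetical package.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.alertclone">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def triage(manifest_xml):
    """Map requested permissions to the article's capabilities and flag the app."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & needed)
            for cap, needed in CAPABILITIES.items() if perms & needed}
    # Assumed heuristic: SMS access plus two or more other collection
    # capabilities is out of profile for an app that only shows alerts.
    suspicious = SMS_CAP in hits and len(hits) >= 3
    return {"total_permissions": len(perms), "capabilities": hits,
            "suspicious": suspicious}

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```
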


Deception Tactics


  • The app uses certificate spoofing to trick Android security and make it appear as if it was installed from the Google Play Store

  • This is not the first time this group has used similar tactics, as they have been observed using geopolitical events to trick victims in the past


Potential Threat Actors


  • The researchers believe the group known as Arid Viper (or APT-C-23) might be behind the attack, as the methods match their previous work targeting the region


Sources


  • https://hackread.com/hackers-fake-red-alert-rocket-alert-app-spy-israel-users/

  • https://x.com/HackRead/status/2030275476292358546

  • https://www.linkedin.com/posts/dlross_hackers-spread-fake-red-alert-rocket-alert-activity-7436146158613286912-C4-W

  • https://www.reddit.com/r/InfoSecNews/comments/1rn9y9t/hackers_spread_fake_red_alert_rocket_alert_app_to/

  • https://www.socdefenders.ai/item/7996898a-0e3e-4152-a729-fd21f61da9bd


© 2025 by Explain IT Again. Powered and secured by Wix
