New Delhi: Cybersecurity firm CloudSEK has flagged a malicious mobile campaign distributing a fake version of Israel’s “Red Alert” emergency warning application, originally operated by the Israel Home Front Command. The counterfeit app is being circulated through spoofed SMS messages that prompt users to sideload an Android APK outside official app stores.
In its latest threat intelligence report, CloudSEK said the trojanised application closely replicates the interface of the legitimate alert platform to avoid raising suspicion. However, unlike the authentic app that primarily requires notification access, the fake version aggressively seeks high-risk permissions, including access to SMS messages, contacts, and precise location data.
The campaign comes amid the ongoing Israel-Iran conflict, where public reliance on real-time safety alerts has intensified. Researchers found that attackers are exploiting this urgency by presenting the malware as an emergency update. Technical analysis revealed the use of signature and installer spoofing, reflection techniques, and multi-stage payload loading to evade detection. Once installed, the malware silently collects data and transmits it to attacker-controlled servers.
CloudSEK warned that in a live conflict scenario, compromised location and SMS data could pose serious security risks, potentially exposing movement patterns and shelter activity. The company has urged users to download emergency applications only from official app stores and advised organisations to block identified indicators of compromise and monitor for suspicious sideloaded packages.
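The advice to monitor for suspicious sideloaded packages can be expressed as a triage check over a device app inventory. This is an added example, not code from CloudSEK's report: the package names, certificate digests and inventory records are constructed placeholders, and the baseline permission set is an assumption drawn from the article's statement that the authentic app primarily requires notification access.

```python
# Added example: triage apps that present themselves as the emergency-alert app.
# Package names, digests and records are constructed placeholders, not real values.
HIGH_RISK = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
}
STORE_INSTALLERS = {"com.android.vending"}  # Google Play's installer package

# Assumed baseline for the genuine app (placeholder digest, assumed permissions).
BASELINE = {
    "label": "red alert",
    "cert_sha256": "OFFICIAL_CERT_DIGEST_PLACEHOLDER",
    "permissions": {"android.permission.POST_NOTIFICATIONS"},
}

def triage(record, baseline=BASELINE):
    """Return a list of findings for one inventory record."""
    findings = []
    requested = set(record["permissions"])
    excess = sorted((requested - baseline["permissions"]) & HIGH_RISK)
    if excess:
        findings.append("high-risk permissions beyond baseline: " + ", ".join(excess))
    # The installer field can be spoofed, so the signing certificate is
    # checked independently of where the app claims to come from.
    if record["cert_sha256"] != baseline["cert_sha256"]:
        findings.append("signing certificate differs from baseline")
    if record.get("installer") not in STORE_INSTALLERS:
        findings.append("not installed by an official store")
    return findings

def triage_inventory(records, baseline=BASELINE):
    """Map package name -> findings for apps whose label matches the alert app."""
    return {r["package"]: triage(r, baseline) for r in records
            if r["label"].strip().lower() == baseline["label"]}

P = "android.permission."
SAMPLE = [  # constructed inventory records
    {"package": "org.example.alert", "label": "Red Alert", "installer": "com.android.vending",
     "cert_sha256": "OFFICIAL_CERT_DIGEST_PLACEHOLDER", "permissions": [P + "POST_NOTIFICATIONS"]},
    {"package": "org.example.alert.update", "label": "Red Alert", "installer": None,
     "cert_sha256": "CONSTRUCTED_OTHER_DIGEST",
     "permissions": [P + "READ_SMS", P + "READ_CONTACTS", P + "ACCESS_FINE_LOCATION"]},
    {"package": "org.example.alert.spoofed", "label": "Red Alert", "installer": "com.android.vending",
     "cert_sha256": "CONSTRUCTED_OTHER_DIGEST", "permissions": [P + "READ_SMS"]},
    {"package": "org.example.notes", "label": "Notes", "installer": None,
     "cert_sha256": "CONSTRUCTED_NOTES_DIGEST", "permissions": [P + "READ_CONTACTS"]},
]

if __name__ == "__main__":
    for package, findings in triage_inventory(SAMPLE).items():
        print(package, "->", findings or "no findings")
```

The third record shows why the installer field alone is not enough: it claims a store installer but is still flagged on its certificate and permissions.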