A mobile spyware campaign distributes a trojanized version of Israel's "Red Alert" Android emergency app via malicious SMS messages impersonating official communications. The malicious app maintains its legitimate alert functionality while covertly harvesting sensitive data, including SMS messages, contacts, location, and installed apps, and exfiltrating it to attacker-controlled servers. This highlights the exploitation of public trust in emergency services for social engineering and underscores the need to verify app sources and monitor for unusual device behavior.
Researchers have uncovered a mobile spyware campaign distributing a trojanized version of Israel’s “Red Alert” rocket warning Android app through SMS messages impersonating official emergency communications. The malicious app retains its legitimate alert functionality to appear trustworthy while secretly collecting sensitive data such as SMS messages, contacts, location information, and installed app details. Stolen data is then transmitted to attacker-controlled servers. The campaign demonstrates how attackers exploit public trust in emergency services and current events to deploy mobile espionage tools. The findings highlight the importance of verifying app sources and monitoring unusual device behavior during periods of heightened social engineering activity.