Trojanized Israeli rocket warning app spread in cyberespionage campaign

Israeli civilians have been targeted with SMS phishing attacks spreading a fraudulent version of the country's Red Alert rocket warning app as part of a cyberespionage campaign amid the ongoing Israel-Iran conflict, according to Infosecurity Magazine.

Installing the trojanized app from malicious SMS messages triggers a multi-stage infection chain involving the deployment of an initial loader that facilitates concealed asset extraction and a dynamically loaded intermediate loader, before the eventual execution of spyware with banking trojan capabilities that communicates with the command-and-control server, a report from CloudSEK showed. Approval of access permissions prompts the harvesting of SMS inboxes, contact lists, and real-time location details, which are then exfiltrated to attacker-controlled servers, said researchers, who noted that the campaign not only permits military tracking and potential psychological operations but also undermines public trust in official alert systems.

Such a threat necessitates immediate device isolation, admin privilege revocation, and total device resets, as well as blocking of illicit domains and restrictions on app sideloading.
