Israeli Android users should beware of a fake rocket alert app that mimics the legitimate “RedAlert – Rocket Alerts” app created by volunteers to warn Israeli citizens of incoming airstrikes in real time. The official app is available on Google Play Store and has over 1 million downloads.
Cloudflare’s Cloudforce One Threat Operations Team said it discovered a website (redalerts[.]me) hosting a malware-laced version of RedAlert – Rocket Alerts application, which installs spyware on users’ phones.
The malicious website provided links to both the iOS and the Android version of the RedAlert app. While the link to the Apple App Store referred to the legitimate version of the RedAlert app by Elad Nava, the link pointing to the Android version hosted on the Play Store led to a malicious APK file.
The fake app is designed to harvest sensitive user information, for which it asks for multiple permissions, including access to contacts, call logs, SMS, account information, as well as an overview of all installed apps.
Users who installed the Android version of the app are strongly advised to delete it immediately. To determine if the installed version of the app is malicious, users need to check the permissions granted to the RedAlert app.
“If users are unsure whether they installed the malicious version, they can delete the RedAlert applications and reinstall the legitimate version directly in the Play Store,” Cloudflare said.
This is not the first time threat actors have targeted Israel’s RedAlert apps. Last week, a pro-Palestinian hacktivist group called AnonGhost exploited a flaw in the Red Alert app and sent a fake threat of a nuclear attack.
