Hacked Prayer App Sends Surrender Messages to Iranians, Scammers in the UAE Exploit Crisis to Steal IDs
Published
Key Takeaways
- Compromised Application: The 'BadeSaba' prayer app was hacked to broadcast "surrender" notifications to millions of Iranians during airstrikes.
- Psychological Operations: Messages promised amnesty to military personnel who laid down arms and “joined the forces of liberation”, coinciding with kinetic military action.
- UAE Fraud: Meanwhile, threat actors in the United Arab Emirates are exploiting geopolitical tensions to harvest personal data through phone scams impersonating official bodies.
Millions of Iranian citizens received unsolicited push notifications via a compromised mobile application. The 'BadeSaba Calendar,' a prayer timing app with over 5 million downloads on the Google Play Store, was infiltrated to send surrender messages to Iranians, in what seems to be a coordinated psychological operation coinciding with Israeli airstrikes on Tehran.
Meanwhile, scam calls in the United Arab Emirates (UAE) impersonating the Ministry of Interior (MOI) use a national alert lure to collect Emirates ID (EID) numbers.
Hacked Prayer App Broadcasts Psychological Warfare
The BadeSaba Calendar notifications, which began appearing shortly after explosions were reported, urged Iranian military personnel to lay down their weapons. The messages claimed "help is on the way" and promised amnesty to those who joined "forces of liberation."
“The regime's repressive forces will pay for their cruel and merciless actions against the innocent people of Iran. Anyone who joins in defending and protecting the Iranian nation will be granted amnesty and forgiveness,” notifications translated from Farsi say, according to WIRED, adding that “time for revenge has come.”
“For the freedom of our Iranian brothers and sisters, this is a call to all oppressive forces – lay down your weapons or join the forces of liberation. Only in this way can you save your lives. For a free Iran,” another message reportedly read.
The synchronization of the hacked prayer app notifications with physical airstrikes indicates advanced planning and deep system compromise, and experts noted that a nation-state actor may be behind the intrusion.
UAE Scam Alert: Exploiting Regional Tensions
As tensions escalate, opportunistic threat actors are launching social engineering attacks in neighboring regions. A UAE scam alert has been issued about fraudsters impersonating employees purportedly affiliated with the “Dubai Crisis Management” department and the Dubai Police.
These scammers call residents, claiming to verify receipt of "national alerts" related to the regional situation, and unlawfully request sensitive information, including UAE Pass credentials and EID number, for purported verification.
Since government entities will never request sensitive personal data or EID numbers via phone, residents are urged to remain vigilant against these scams and refuse any requests for personal information during unsolicited calls.
A January report outlined that voice phishing campaigns use custom Phishing-as-a-Service kits, and the Greek Police earlier this year arrested scammers in Athens who leveraged fake cell towers for SMS phishing.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular