Home > Security > Security News

RedAlert Trojan Campaign Disseminates Fake Emergency App Targeting Israel via SMS Spoofing, Steals Contacts, GPS Data

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer
Red Alert - Emergency - Permission - Security Risk - Phones
Summarize with:
ChatGPT logo ChatGPT Claude.ai logo Claude.ai Google AI logo Google AI Grok logo Grok Perplexity logo Perplexity
Google logo Add as preferred source on Google
Key Takeaways
  • SMS Trojan: Threat actors are executing a RedAlert Trojan campaign using targeted SMS phishing to distribute a malicious Android application.
  • Impersonation: The fake emergency alert app masquerades as the Israeli Home Front Command to intercept SMS messages, contact lists, and real-time GPS data.
  • Operational risks: The campaign is exploiting regional conflict to track civilian locations and compromise multi-factor authentication protocols.

An advanced mobile espionage operation is actively exploiting regional instability through a highly targeted RedAlert Trojan campaign. Threat actors are utilizing SMS spoofing in Israel to deliver malicious payloads directly to civilian mobile devices, bypassing traditional network perimeters. 

By mimicking legitimate government broadcasting channels, this operation manipulates users into downloading a fake emergency alert app under the guise of an urgent software update required for incoming rocket warnings.

Architecture of the Fake Emergency Alert App

The primary infection vector relies on instructing users to sideload an APK file outside the secure environment of the Google Play Store, according to the latest CloudSEK report. Once installed, the trojan perfectly replicates the graphical user interface of the official application. 

RedAlert app on Google Play | Source: CloudSEK 
RedAlert app on Google Play | Source: CloudSEK 

However, the underlying architecture employs dynamic proxy hooks to spoof legacy signing certificates, successfully evading Android verification checks, and via the invoke method, makes the app appear as if it were officially installed from the Play Store instead of sideloaded.

Fake Israeli Home Front Command's "Red Alert" application | Source: CloudSEK
Fake Israeli Home Front Command's "Red Alert" application | Source: CloudSEK

The malware uses reflection and proxying to manipulate internal app fields, allowing it to dynamically load secondary payloads. Upon execution, the malware aggressively polls for high-level system permissions, enabling it to harvest sensitive data, including:

Mitigating Severe Cybersecurity Threats

The rapid exfiltration of real-time geospatial data and private communications presents critical cybersecurity threats. To neutralize this threat vector, security administrators must enforce strict Mobile Device Management (MDM) policies that prevent unauthorized application sideloading. 

Users with compromised hardware must immediately:

As the U.S. Cyber Command announced disrupting Iranian communications and sensors in a joint operation with Israel, researchers this week warned of retaliatory cyberattacks. In January, the new Devixor malware showed banking RAT and ransomware capabilities while targeting Iranian banks, crypto platforms, and payment services.

Add a Comment
Related
Suspected Iranian Threat Actors Compromise IP Camera Feeds in Iran, Israel, the UAE, Qatar, Bahrain
The Coruna iPhone Exploit Kit Used by Cybercriminals, Possibly a Leaked Government Hacking Tool
Man holding an envelope targeted by a fishing hook, depicting phishing attack
OAuth Redirect Abuse Targets Government and Public Sector Organizations, Microsoft Warns
Wisconsin ‘Denmark School District’ Cyber Incident Triggering Network Outage Claimed by INC Ransom
Iranian Communications and Sensors Disrupted by US Cyber Command; Researchers Warn of Retaliatory Cyber Attacks
German Court Convicts Key Operator of Global Multi-Million Investment Scam Milton Group
Most Popular
Suspected Iranian Threat Actors Compromise IP Camera Feeds in Iran, Israel, the UAE, Qatar, Bahrain
The Coruna iPhone Exploit Kit Used by Cybercriminals, Possibly a Leaked Government Hacking Tool
Man holding an envelope targeted by a fishing hook, depicting phishing attack
OAuth Redirect Abuse Targets Government and Public Sector Organizations, Microsoft Warns
Wisconsin ‘Denmark School District’ Cyber Incident Triggering Network Outage Claimed by INC Ransom
Iranian Communications and Sensors Disrupted by US Cyber Command; Researchers Warn of Retaliatory Cyber Attacks
German Court Convicts Key Operator of Global Multi-Million Investment Scam Milton Group
Suspected Iranian Threat Actors Compromise IP Camera Feeds in Iran, Israel, the UAE, Qatar, Bahrain
The Coruna iPhone Exploit Kit Used by Cybercriminals, Possibly a Leaked Government Hacking Tool
OAuth Redirect Abuse Targets Government and Public Sector Organizations, Microsoft Warns
Wisconsin ‘Denmark School District’ Cyber Incident Triggering Network Outage Claimed by INC Ransom
Iranian Communications and Sensors Disrupted by US Cyber Command; Researchers Warn of Retaliatory Cyber Attacks
German Court Convicts Key Operator of Global Multi-Million Investment Scam Milton Group

Most Popular
Suspected Iranian Threat Actors Compromise IP Camera Feeds in Iran, Israel, the UAE, Qatar, Bahrain
The Coruna iPhone Exploit Kit Used by Cybercriminals, Possibly a Leaked Government Hacking Tool
Man holding an envelope targeted by a fishing hook, depicting phishing attack
OAuth Redirect Abuse Targets Government and Public Sector Organizations, Microsoft Warns
Wisconsin ‘Denmark School District’ Cyber Incident Triggering Network Outage Claimed by INC Ransom
Iranian Communications and Sensors Disrupted by US Cyber Command; Researchers Warn of Retaliatory Cyber Attacks
German Court Convicts Key Operator of Global Multi-Million Investment Scam Milton Group
Suspected Iranian Threat Actors Compromise IP Camera Feeds in Iran, Israel, the UAE, Qatar, Bahrain
The Coruna iPhone Exploit Kit Used by Cybercriminals, Possibly a Leaked Government Hacking Tool
OAuth Redirect Abuse Targets Government and Public Sector Organizations, Microsoft Warns
Wisconsin ‘Denmark School District’ Cyber Incident Triggering Network Outage Claimed by INC Ransom
Iranian Communications and Sensors Disrupted by US Cyber Command; Researchers Warn of Retaliatory Cyber Attacks
German Court Convicts Key Operator of Global Multi-Million Investment Scam Milton Group

TechNadu keeps you informed with the latest in cybersecurity, VPNs, and technology. From expert guides to in-depth reviews, we provide the knowledge you need to stay secure and connected in the digital world.

© 2026 TechNadu. All Rights Reserved. TechNadu is a part of Leaprove Media LLP.

Close lightbox
Facebook
Twitter
Linkedin
Reddit
Email
Copy Link
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: