A malicious version of the Israeli incoming airstrike warning app has been found distributed over the internet.
Red Alert is a legitimate app used by Israeli citizens to receive notifications of incoming rocket attacks. The app’s popularity has soared since the attack in southern Israel, and a malicious version of the app has been discovered. The fake site serving the malicious software was created on October 12, 2023, and provided download options for both iOS and Android versions. The iOS download link redirects users to the legitimate app on the Apple App Store, but the Android link downloads the malicious Android APK file. This spoofed version uses the same code as the legitimate app, so it provides the same functionality. However, it also includes some additional malicious features. The app requests additional permissions that the legitimate app does not, such as access to the user’s contacts, numbers, SMS content, list of installed software, call logs, phone IMEI, logged-in email and app accounts, and more. The app collects this data when it is launched and uploads it to an external server. To distinguish between the legitimate and malicious versions, review the permissions the app requests or has access to. You can do that by long-pressing the app icon, then selecting “App Info” and “Permissions”.
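The same permission review can be done on an APK file before it is installed. The script below is an added example, not code from the app or from the linked reports: it reads `aapt dump permissions` output and flags requested permissions that fall outside a known-good baseline. The mapping of the data categories above to Android permission names, the baseline, the package name and the sample dump are all assumptions constructed for illustration.

```python
import re

# Assumed mapping (this example's, not from the reports): Android permissions
# that gate the data categories the segment lists.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_PHONE_NUMBERS": "phone numbers",
    "android.permission.READ_SMS": "SMS content",
    "android.permission.QUERY_ALL_PACKAGES": "list of installed software",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_PHONE_STATE": "phone identifiers (IMEI on older Android)",
    "android.permission.GET_ACCOUNTS": "logged-in accounts",
}

# Matches lines such as: uses-permission: name='android.permission.INTERNET'
PERM_RE = re.compile(r"^\s*uses-permission(?:-sdk-\d+)?:\s*name='([^']+)'")

def parse_permissions(dump):
    """Return the set of permission names in `aapt dump permissions` output."""
    return {m.group(1) for line in dump.splitlines() if (m := PERM_RE.match(line))}

def audit(dump, baseline):
    """Compare requested permissions against the baseline of the trusted build."""
    extra = parse_permissions(dump) - set(baseline)
    flagged = {p: SENSITIVE[p] for p in sorted(extra) if p in SENSITIVE}
    return {"extra": sorted(extra), "flagged": flagged}

# Constructed baseline: what a notification-only app might plausibly request.
BASELINE = {
    "android.permission.INTERNET",
    "android.permission.POST_NOTIFICATIONS",
    "android.permission.VIBRATE",
}

# Constructed sample dump; com.example.alertapp is a placeholder package name.
SAMPLE_DUMP = """\
package: com.example.alertapp
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.POST_NOTIFICATIONS'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission-sdk-23: name='android.permission.GET_ACCOUNTS'
"""

if __name__ == "__main__":
    result = audit(SAMPLE_DUMP, BASELINE)
    for perm, category in result["flagged"].items():
        print(f"UNEXPECTED {perm}: grants access to {category}")
```

In practice the baseline would come from running the same dump against a copy of the app obtained from the official store.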
https://www.darkreading.com/application-security/fake-airstrike-alert-app-targets-israelis
https://www.bleepingcomputer.com/news/security/fake-redalert-rocket-alert-app-for-israel-installs-android-spyware/
This segment was created for the It’s 5:05 podcast