People seek cover in an underground station in Tel Aviv, Israel, after sirens were activated. Getty Images

Spyware masquerades as Israeli emergency alert in SMS spoofing campaign


Salim A. Essaid

Israeli and international cyber authorities have warned of a mobile malware campaign that uses text message spoofing to impersonate official crisis alerts, raising concerns about a co-ordinated digital offensive against civilian communications.

Security experts have identified a Trojan campaign that spreads a malicious version of the widely used Red Alert emergency app through text messages appearing to originate from the Israeli Home Front Command.

CloudSEK, a risk-monitoring company, said the "Trojanised" Android app impersonates Israel's emergency alert platform and uses SMS spoofing to steal sensitive user data.

"Attackers are exploiting conflict-driven urgency to push a Trojanised Android app that can steal SMS, contacts and location data – turning a trusted public safety use case into a surveillance and data theft risk," said Shashank Shekhar, the company's managing editor.

The Red Alert app provides real-time location-based notifications about aerial attacks and other emergency threats in Israel, and serves as a life-saving resource in the face of Iran's retaliatory attacks.

The hoax messages urge recipients to update their emergency alert app by clicking a link, but instead of installing a legitimate update, users download spyware. The fraudulent messages use a sender name designed to resemble official Home Front Command communications, exploiting the trust placed in mobile alerts during rocket fire, air strike warnings and other civil defence emergencies.

Once installed, the Trojanised Android app requests extensive permissions. If granted, the malware can access contact lists, text messages, call logs and device identifiers. Cyber security analysts say such access would allow attackers to harvest sensitive personal data and potentially transmit it to remote command servers.

Escalating digital tension

This campaign comes amid a broader period of hybrid conflict where digital, military and physical infrastructure attacks are converging across the Middle East. Cyber war and military escalation are no longer parallel tracks, but increasingly intertwined arenas of confrontation, experts said.

Since Saturday, a series of joint US-Israeli military strikes against Iran has triggered repeated Iranian ballistic missile and drone attacks across the Gulf, forcing temporary airspace closures and heightening military alerts from Kuwait to the UAE.

Digital infrastructure is becoming both a target and a tactical lever. Cyber security experts have documented a rise in intrusions linked to hacktivist activity and in distributed denial-of-service attacks, even as kinetic strikes and retaliatory operations disrupt conventional infrastructure.

In the Gulf, authorities are also dealing with the fallout from a wave of strikes that have directly damaged major digital infrastructure. Drone attacks at the weekend damaged three Amazon Web Services data centres in the UAE and Bahrain, disrupting cloud services used by banks, logistics operators and government entities.

The strikes on AWS facilities mark a rare instance where a major global cloud provider’s sites have been affected directly by armed conflict, compounding regional service disruptions.

Updated: March 03, 2026, 1:29 PM