Hackers Target Israelis With Spyware Disguised as Emergency Alert App
Hackers have launched a cyber-espionage campaign targeting Israeli citizens using spyware disguised as a smartphone application that mimics a popular emergency alert service.
This was revealed in a cybersecurity report released on Friday by Swiss cybersecurity firm Acronis.
According to the report, the campaign surfaced in the aftermath of recent military strikes by the United States Armed Forces and the Israel Defense Forces on targets in Iran.
Researchers said attackers are sending fraudulent text messages that appear to originate from the Home Front Command of the Israel Defense Forces. The messages urge recipients to download what is presented as an updated version of the widely used “red alert” application, a mobile tool that warns residents of incoming rocket attacks.
However, anyone who follows the instructions and installs the application unknowingly downloads spyware onto their Android device.
The malicious software can secretly track precise location data and extract sensitive information stored on the device, including text messages, passwords and contact lists.
According to Acronis’ threat research unit, the campaign exploits public trust in emergency alert systems, particularly during periods of heightened military tension.
The hackers behind the operation are believed to be linked to Arid Viper, a threat actor previously associated with cyber-espionage activities targeting Israeli military personnel and individuals in Egypt and Palestine.
In a related development, a report by the Financial Times citing Israeli intelligence sources alleged that nearly all traffic cameras in Tehran had been compromised in a broader surveillance operation. The report said video footage from the cameras was encrypted and transmitted to servers in Tel Aviv and southern Israel as part of an intelligence-gathering effort involving cyber intrusion, human assets and advanced data analytics.
One Israeli intelligence official reportedly said the extensive monitoring enabled analysts to track daily routines and detect irregularities, noting that intelligence teams “knew Tehran like we know Jerusalem.”
The surveillance reportedly helped analysts monitor movements around Pasteur Street in Tehran, an area hosting key government institutions and where Iran’s Supreme Leader, Ali Khamenei, was reportedly killed.
Separately, cybersecurity firm Check Point Software Technologies said on Wednesday that attackers had also attempted to breach surveillance camera systems in Israel and other countries across the Middle East.
Several hacking groups believed to be aligned with Iran have claimed responsibility for cyberattacks targeting Israeli companies and government agencies in recent days.
Despite the surge in cyber activity, cybersecurity analysts say digital attacks have not yet played a decisive role in the conflict, which escalated after U.S. and Israeli forces launched strikes on Iranian targets on February 28.
