Spyware disguised as ‘RedAlert’ app targeting Israeli Android users



Security researchers have discovered new spyware targeting Android users in Israel. Threat actors are using a fake version of the “RedAlert – Rocket Alerts” app to steal information from the victim’s phone. The app can collect the user’s contact list, messages, call logs, phone IMEI, logged-in emails, and more data.

Threat actors target Israeli Android users with spyware-laced “RedAlert” app

RedAlert – Rocket Alerts is a genuine open-source app that Israeli citizens use to get real-time alerts about incoming rockets or missiles. The app has been around on the Google Play Store for a long time now but has seen a sudden rise in popularity after the Israel-Gaza conflict escalated earlier this month. Reports say more than 5,000 rockets have been launched into the country by Hamas since October 7.

In the wake of this war, Israeli citizens are relying on the RedAlert – Rocket Alerts app to get timely alerts about airstrikes and seek safety. Developed by Elad Nava, the app has already garnered more than one million downloads on the Play Store. It’s also available for iPhones on the Apple App Store. Unfortunately, some people search for apps online rather than in the stores, and threat actors are exploiting this to trick them into downloading spyware.

According to Cloudflare, the people behind this attack created the website “redalerts[.]me” on October 12, 2023, to distribute the spyware-laced app. It includes two buttons to download the app for Android and iOS platforms. The latter button takes users to the genuine app on the App Store. However, the Android download button downloads a fake APK directly onto the user’s device.

Unsuspecting users who visit the website looking for the RedAlert – Rocket Alerts app think they have downloaded the genuine app and proceed to install it. Since the fake version is built from the real app’s source code, it offers the same functionality, so most people don’t notice any anomaly after installation either. However, the fake app requests additional permissions from the user in order to collect data that the app doesn’t need.

This attack reminds us about the dangers of sideloading apps

When launched, the spyware version of RedAlert – Rocket Alerts abuses those permissions to steal data and upload it to servers operated by the threat actors. The app employs anti-analysis tactics such as anti-debugging, anti-emulation, and anti-test checks to avoid detection of its malicious activity. However, anyone can tell the real and the fake app apart by checking their permissions: the fake one asks for far more permissions than a rocket-alert app needs.

This attack once again demonstrates the dangers of sideloading apps from unknown sources. You should always download apps from official sources, such as the Google Play Store. The website used to distribute the spyware version of the RedAlert – Rocket Alerts app has been taken down, but the attackers could soon launch a new domain. If you’re using this app, make sure that it’s downloaded from the Play Store and update it to the latest version.
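The permission check described above can be done mechanically by diffing the permissions declared in the genuine app’s manifest against those in a suspect APK. The script below is an added example, not code from the article or from the RedAlert project; it assumes both AndroidManifest.xml files have already been decoded to plain XML (for example with apktool), and the two manifests embedded here are constructed samples, not the real app’s.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that give access to the kinds of data the article says the
# spyware harvests (contacts, messages, call logs, IMEI, logged-in accounts).
# This mapping is an assumption made for the example.
DATA_ACCESS_PERMS = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_PHONE_STATE",
    "android.permission.GET_ACCOUNTS",
}

# Constructed baseline: what a rocket-alert app plausibly needs.
GENUINE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
</manifest>"""

# Constructed suspect: same baseline plus data-harvesting permissions.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""


def declared_permissions(manifest_xml: str) -> set:
    """Return the set of <uses-permission android:name=...> values."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def extra_permissions(baseline_xml: str, suspect_xml: str) -> dict:
    """Permissions the suspect declares beyond the baseline, split by risk."""
    extra = declared_permissions(suspect_xml) - declared_permissions(baseline_xml)
    return {"data_access": sorted(extra & DATA_ACCESS_PERMS),
            "other": sorted(extra - DATA_ACCESS_PERMS)}


if __name__ == "__main__":
    for perm in extra_permissions(GENUINE_MANIFEST, SUSPECT_MANIFEST)["data_access"]:
        print("DATA-ACCESS permission absent from genuine app:", perm)
```

A non-empty `data_access` list is the signal to distrust the build, and the same comparison works against a manifest pulled from an installed package.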
