The research firm Acronis has discovered a deceptive mobile campaign targeting people in Israel with a fake version of a popular life-saving app. According to researchers from the Acronis Threat Research Unit (TRU), the scam involves a modified version of the Red Alert app, which is widely used to provide real-time warnings about incoming rockets.
How the Scam Works
The attack begins with a simple text message. During times of conflict, people are more likely to trust emergency alerts. The scammers take advantage of this by sending SMS messages that look like they come from the official Home Front Command. These messages claim there is a technical problem with the current alert system and provide a link to download an updated version.
Once a user clicks the link and installs the file, the app actually works just like the real one. It shows legitimate rocket alerts, which helps it stay hidden on the phone. However, while the app appears normal on the surface, it is secretly running malicious code in the background to steal private data.
Deep Data Theft
According to Acronis’ research blog post, shared with Hackread.com, the app asks for a total of 20 permissions, including six highly sensitive ones. Once these are granted, the software can track a user’s precise GPS location, read private text messages to intercept one-time passwords, and collect contact lists. Further investigation revealed that it also identifies all other apps installed on the phone and extracts accounts registered on the device, such as Google or email.
The Acronis team also found that the stolen data is sent back to a remote server. To make the app seem safe, the creators used certificate spoofing to trick Android security and even forced the phone to report that the app was installed from the Google Play Store.
A Pattern of Deception
It’s worth noting that this isn’t the first time this team has seen such tactics. Researchers noted that this campaign follows a pattern of using geopolitical events to trick victims. Acronis TRU observed similar activity during the January Venezuela operation, in which the China-linked group Mustang Panda reportedly used themed phishing to target officials and deploy LOTUSLITE malware.
The team also discovered the Crescent Harvest campaign last month, which targeted Iranian protestors by hiding malware inside documents that praised the demonstrations. In this latest case, which was discovered on 1 March 2026, “the urgency to install or update such an application overrides the caution users might otherwise exercise,” researchers noted. They believe the group known as Arid Viper (or APT-C-23) could be behind the attack, as the methods match their earlier work targeting the region.
Israeli Alert Apps and Earlier Scams
This isn’t the first time hackers have exploited rocket-alert applications used by Israelis. In October 2023, the pro-Palestinian hacktivist group AnonGhost claimed it had compromised the Red Alert app and used it to send fake emergency notifications, including warnings about fake rockets and even nuclear attacks.
Later that same month, researchers from Cloudflare’s Cloudforce One team uncovered a separate campaign involving a fake RedAlert-themed Android app distributed via a malicious website that closely mimicked the legitimate service. Victims who downloaded the APK believed they were installing the official Rocket Alert app, but the software was actually spyware designed to collect sensitive data from infected devices.


