December 10, 2023

In the wake of the ongoing Israel-Hamas conflict, researchers have spotted a malvertised, spoofed version of a legitimate app that silently collects user data.

The official app, RedAlert – Rocket Alerts, has been popular among users in the Israel and Gaza region because it lets individuals receive timely and precise alerts about incoming airstrikes. A malicious, spoofed version of the app was detected recently; it collected personal information, including contacts, call logs, SMS, account information, and a list of the other apps installed on the device.


The website hosting the malicious file was created on Oct. 12 and has since been taken offline. Only users who installed the Android version of the app are affected, and they are urgently advised to delete it.

According to Cloudflare's statement, it became aware of a website hosting a Google Android application that impersonated the legitimate RedAlert – Rocket Alerts application.

Creating a malicious app that spoofs a known brand is common. Such apps are found even in official app stores and are often disguised with names, images, or descriptions similar to those of popular, malware-free apps. They may also carry fake reviews to raise the malicious app's rating and make it look more genuine.

Here, the malicious application mimicked a widely used app to steal data. Researchers were unable to attribute the malicious app to any particular actor, and there is no evidence that it was even a threat actor from the Middle East.


Check an app's developer and reviews, and restrict its permissions where appropriate; users should download apps only from reputable developers and look for mentions of scams or malicious activity in other users' reviews.

This research was documented by researchers from Cloudflare.

Indicators of Compromise

  • hxxp://redalerts[.]me/app.apk
  • hxxp://23.254.228[.]135:80/file.php
  • 5087a896360f5d99fbf4eb859c824d19eb6fa358387bf6c2c5e836f7927921c5
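The permission advice above and the hash IoC in this list can be turned into a small triage check for an APK. This is an added example, not Cloudflare's or the article's code; it assumes the APK bytes are read from disk, that the manifest has already been decoded to text (e.g. with apktool or aapt), and that the standard Android permission names listed are the ones granting the data categories the article names. The sample manifest and APK bytes are constructed for the example.

```python
import hashlib
import re

# SHA-256 of the spoofed RedAlert APK, taken from the article's IoC list.
MALICIOUS_APK_SHA256 = "5087a896360f5d99fbf4eb859c824d19eb6fa358387bf6c2c5e836f7927921c5"

# Data the article says the spoofed app collected, keyed by the Android permission granting it.
SUSPECT_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_SMS": "SMS",
    "android.permission.GET_ACCOUNTS": "account information",
    "android.permission.QUERY_ALL_PACKAGES": "installed apps",
}
_USES_PERMISSION = re.compile(r'<uses-permission\b[^>]*android:name="([^"]+)"')

def sha256_matches_ioc(apk_bytes: bytes, ioc_sha256: str = MALICIOUS_APK_SHA256) -> bool:
    """Compare the SHA-256 of an APK's bytes against a published hash IoC."""
    return hashlib.sha256(apk_bytes).hexdigest() == ioc_sha256.lower()

def suspect_permissions(manifest_xml: str) -> dict:
    """Map each declared permission in the suspect set to the data it exposes.
    Expects the decoded text manifest (the copy inside an APK is binary XML)."""
    declared = _USES_PERMISSION.findall(manifest_xml)
    return {p: SUSPECT_PERMISSIONS[p] for p in declared if p in SUSPECT_PERMISSIONS}

def triage(apk_bytes: bytes, manifest_xml: str) -> dict:
    """A hash match is a definite hit. Several suspect permissions in an alert
    app are not proof of malice, only the review signal the advice above asks for."""
    hash_hit = sha256_matches_ioc(apk_bytes)
    perms = suspect_permissions(manifest_xml)
    if hash_hit:
        verdict = "known malicious sample (hash IoC match)"
    elif len(perms) >= 2:
        verdict = "review: requests data an alert app does not need"
    else:
        verdict = "no indicator"
    return {"hash_match": hash_hit, "suspect_permissions": perms, "verdict": verdict}

# Constructed sample input: not a real APK, and a manifest written for this example.
SAMPLE_APK_BYTES = b"PK\x03\x04 constructed placeholder, not a real APK"
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="example.constructed.alerts">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
</manifest>"""
```

Run `triage(open("app.apk", "rb").read(), decoded_manifest)` on a real sample; a hash match identifies this specific file, while the permission check only flags apps worth a closer look.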
