Malware, Threat Intelligence
Android spyware deployed via fraudulent Israeli rocket alert app
Threat actors have targeted Israeli Android users with spyware through a fake version of the widely used rocket warning app "RedAlert Rocket Alerts" amid the ongoing conflict between Israel and the Palestinian military group Hamas, BleepingComputer reports.
Cloudflare researchers discovered that the newly created "redalerts[.]me" site has been used to distribute the malicious app to Android devices, while Apple devices downloading the app were redirected to a legitimate page on the Apple App Store.
Further examination of the spyware app's APK revealed legitimate RedAlert app code laced with additional requests for access to contacts, call logs, SMS, installed software, IMEI, and email and app accounts. The fraudulent app then leverages these permissions to facilitate data exfiltration and encryption. Users have been urged to review app permissions to determine potential compromise, and to ensure they are using the most recent version to prevent compromise via API vulnerability exploitation.