Hackers of unknown origin and motivation were found leveraging elevated interest in “RedAlert”, an open-source app used by Israeli citizens to receive notifications of incoming rockets, to distribute a malicious version of the app.
The malicious version of the app, while offering the promised functionality, acts as spyware in the background, a report from Cloudflare said.
The app with the malicious code was found to collect sensitive user data including contacts, call logs, SMS, account information, as well as an overview of all installed apps from devices.
This malicious version was found to be distributed from the website “redalerts[.]me,” which was created on October 12, 2023. The website includes buttons to download the app for the iOS and Android platforms.
While the iOS download button redirects users to the legitimate project’s page on the Apple App Store, the Android button directly downloads an APK file to be installed on the device.
The downloaded APK file uses the legitimate code of the RedAlert app, making it difficult for users to distinguish between the real and the malicious versions. The malicious app also contains anti-debugging, anti-emulation, and anti-test mechanisms that protect it from researchers and code-reviewing tools.
However, users can look at the additional permissions the app requests upon installation. If users notice the app asking for permission to access information it does not require, they should uninstall the app and ensure they are using the latest app version that includes all available security fixes.
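The permission check described above can also be done before installation by comparing a downloaded APK's requested permissions against those of the official build. The following is an added example, not code from Cloudflare's report or the RedAlert project: it parses the text printed by `aapt dump permissions <apk>` for each file and flags the extras. The mapping from permissions to the data categories named in the report, and both sample dumps, are assumptions constructed for illustration.

```python
import re

# Assumption: standard Android permissions that gate the data categories the
# report names (contacts, call logs, SMS, account information, installed apps).
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_SMS": "SMS",
    "android.permission.GET_ACCOUNTS": "account information",
    "android.permission.QUERY_ALL_PACKAGES": "installed apps",
}

# Accepts both aapt output styles:
#   uses-permission: name='android.permission.INTERNET'
#   uses-permission: android.permission.INTERNET
_PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump: str) -> set:
    """Return the set of permission names requested in an aapt dump."""
    found = set()
    for line in dump.splitlines():
        match = _PERM_RE.match(line.strip())
        if match:
            found.add(match.group(1))
    return found

def audit(reference_dump: str, candidate_dump: str) -> dict:
    """Map each permission only the candidate requests to the data it exposes."""
    extra = parse_permissions(candidate_dump) - parse_permissions(reference_dump)
    return {perm: SENSITIVE.get(perm, "other") for perm in sorted(extra)}

# Constructed sample dumps (hypothetical package name, not real app data).
REFERENCE = """package: com.example.alerts
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.POST_NOTIFICATIONS'
"""
CANDIDATE = REFERENCE + """uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: android.permission.READ_SMS
uses-permission: name='android.permission.GET_ACCOUNTS'
uses-permission-sdk-23: name='android.permission.QUERY_ALL_PACKAGES'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
"""

if __name__ == "__main__":
    for perm, data in audit(REFERENCE, CANDIDATE).items():
        print(f"extra permission {perm} -> {data}")
```

A permission-by-permission match with the official build does not prove an APK is genuine; it only rules out this particular sign of tampering.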
Published - October 17, 2023 02:17 pm IST