Attackers are spoofing a widely used open source application that warns Israelis of incoming airstrikes, called RedAlert, to lure users into downloading a malicious version of the software that, instead of telling those under attack where to seek safety, collects their sensitive data.
Applications warning Israelis of incoming airstrikes have become a trending attack vector for pro-Palestinian threat groups, according to a new report from Cloudflare. The latest round of cyberattacks uses a modified version of the open source RedAlert to lure users into downloading the spoofed version, which then provides cybercriminals with acess to contacts, call logs, SMS details, a list of accounts associated with the device, as well as insights into other apps installed on a victim’s device, Cloudflare added.
“Only users who installed the Android version of the app from this specific website are impacted and urgently advised to delete the app,” Cloudflare said. “Users can determine if they installed the malicious version by reviewing the permissions granted to the RedAlert app.“
Source: www.darkreading.com