RedAlert SMS phishing espionage campaign
Campaign
Summary
A RedAlert mobile espionage campaign is using SMS phishing and a trojanized emergency app to target civilians during the ongoing Israel-Iran conflict. The operation pushes victims to sideload a fake update that imitates the legitimate Israel Defense Forces Home Front Command app. Once installed, the malware seeks access to SMS messages, contacts, and precise GPS location data, turning a wartime lure into a surveillance operation. The campaign also uses anti-detection techniques and multi-stage payload loading to hide its behavior and exfiltrate stolen data.
Related Happenings
NGate Android Brazil fake-app and fake-lottery campaign
Campaign
First: 21.04.2026 12:00
Last: 21.04.2026 12:00
Sources 1
About this happening:
A **NGate** campaign has been active since **November 2025**, targeting primarily **Android devices in Brazil** and using **fake-app** and **fake-lottery** lures to spread a malic...
NGate malware trojanized HandyPay NFC-stealing variant
Malware Activity
First: 21.04.2026 12:00
Last: 21.04.2026 12:00
Sources 1
About this happening:
A **new NGate variant** is stealing **NFC payment data** from **Android users in Brazil**, raising the risk of **unauthorized purchases** and **ATM cash withdrawals**. The malware...
Mirax social media ad campaign targeting Spanish-speaking users
Campaign
First: 13.04.2026 17:30
Last: 13.04.2026 17:30
Sources 1
About this happening:
The **Mirax** distribution campaign is using **social media advertisements** and **fake IPTV or streaming apps** to reach **Spanish-speaking users** at scale, raising the risk of...
Perseus IPTV-lure distribution campaign targeting Europe and the Middle East
Campaign
First: 19.03.2026 14:43
Last: 19.03.2026 14:43
Sources 1
About this happening:
The **Perseus** distribution campaign is actively pushing **Android malware** through **phishing sites** and **IPTV-lure apps**, increasing the risk of **device takeover** and **f...
Perseus Android malware family actively distributed in the wild
Malware Activity
First: 19.03.2026 14:43
Last: 19.03.2026 14:43
Sources 1
About this happening:
The **Perseus** **Android malware** family is being actively distributed in the wild, putting infected devices at risk of **device takeover** and **financial fraud**. It spreads t...
Timeline
03.03.2026 18:15 2 articles · 2mo ago
CloudSEK discloses RedAlert espionage campaign
Initial Disclosure
CloudSEK identified the RedAlert mobile espionage campaign targeting civilians during the ongoing Israel-Iran conflict, distributing a trojanized copy of Israel's official Red Alert rocket warning app through SMS phishing and sideloading. The fake app mimics the legitimate Israel Defense Forces Home Front Command interface, keeps delivering real rocket alerts, and runs a background surveillance payload that requests SMS, contacts, and precise GPS access while using anti-detection techniques and exfiltrating data to attacker-controlled infrastructure including api.ra-backup[.]com.
Sources:
- Israel: RedAlert Spyware Campaign Exploits Wartime Panic With Trojanized App — www.infosecurity-magazine.com — 03.03.2026 18:15