
RedAlert app impersonation mobile surveillance malware delivery

Malware Activity
Happening score: 26
1 unique source, 1 article

Summary


An active SMS phishing operation is using a rogue RedAlert app to distribute mobile surveillance and data-exfiltrating malware, putting conflict-time mobile users at risk of covert compromise. Recipients are tricked into sideloading a malicious APK that imitates the Israeli Home Front Command RedAlert application and presents a fake urgent update. The lure exploits wartime urgency to increase installation success and conceal the payload.

Related Happenings

Fake Claude PlugX phishing campaign

Campaign
First: 13.04.2026 12:52 Last: 13.04.2026 12:52 Sources 1

About this happening: A **February** phishing campaign used a **fake Claude website** and **fake meeting invitations** to deliver **PlugX** malware to recipients, turning a popular AI brand into a malw...

Latest development: 07.05.2026 13:02

A fake Claude AI site at claude-pro[.]com distributed Claude-Pro-windows-x64.zip, which drops NOVupdate.exe, NOVupdate.exe.dat, and avk.dll to sideload DonutLoader and load the Beagle backdoor on Windows. The backdoor uses license[.]claude-pro[.]com for command-and-control over TCP 443 and/or UDP 8080, and related Beagle samples were submitted to VirusTotal between February and April this year.

RedAlert SMS phishing espionage campaign

Campaign
First: 03.03.2026 18:15 Last: 03.03.2026 18:15 Sources 1

About this happening: A **RedAlert** mobile espionage campaign is using **SMS phishing** and a trojanized emergency app to target **civilians** during the **ongoing Israel-Iran conflict**. The operatio...

Konni blockchain developer targeting campaign with AI-generated PowerShell malware

Campaign
First: 24.01.2026 17:23 Last: 24.01.2026 17:23 Sources 1

About this happening: **Konni (Opal Sleet, TA406)** is running an **active campaign** that uses **AI-generated PowerShell malware** to target **developers and engineers in the blockchain sector**, with...

TamperedChef malvertising campaign distributing backdoor malware through trojanized PDFs

Campaign
First: 16.01.2026 14:05 Last: 16.01.2026 14:05 Sources 1

About this happening: The **TamperedChef** campaign is a **malvertising** operation that used **Google ads** and **more than 50 domains** to push a fake **AppSuite PDF Editor** and deliver the **Tamper...

ManualFinderApp.exe infostealer and backdoor activity

Malware Activity
First: 16.01.2026 14:05 Last: 16.01.2026 14:05 Sources 1

About this happening: The **ManualFinderApp.exe** payload is being used as an **infostealer/backdoor** that harvests browser-stored data and opens **C2** exfiltration paths, increasing credential-theft...

Timeline

  1. 04.03.2026 19:21 2 articles · 2mo ago

    RedAlert app impersonation SMS phishing campaign delivers mobile surveillance malware

    Initial Disclosure

    An active SMS phishing campaign is using a rogue replica of the Israeli Home Front Command RedAlert application to trick recipients into sideloading a malicious APK that presents an urgent wartime update while delivering mobile surveillance and data-exfiltrating malware.
