Hackers target Israelis with fake emergency spyware app

Hackers have launched a cyber espionage campaign targeting Israelis by distributing spyware disguised as a smartphone application that imitates a popular emergency alert service.

The operation was revealed in a cybersecurity report released by Swiss firm Acronis.

According to the report, attackers are sending text messages that appear to come from the Israel Defense Forces’ Home Front Command, urging recipients to download what is presented as an updated version of the official “Red Alert” app used to warn residents of rocket attacks.

Fake app installs spyware on victims’ phones

Researchers said users who follow the instructions and install the fake Android application unknowingly download spyware onto their devices.

The malicious app can secretly track precise location data and extract sensitive information stored on the device, including text messages, passwords, and contact lists.

According to Acronis’ threat research unit, the campaign exploits public trust in emergency alert infrastructure during periods of heightened conflict.

The researchers also said the hackers behind the operation are believed to be linked to Arid Viper, a threat actor previously associated with espionage campaigns targeting Israeli military personnel and individuals in Egypt and Palestine.

Trump rejects Khamenei’s son, demands role in choosing Iran’s next leader

Cyber warfare intensifies amid regional conflict

Acronis described the group as “a capable and well-resourced threat actor operating with clear objectives,” adding that the incident demonstrates how cyber attackers can weaponise trusted digital tools during geopolitical crises.

Cyber espionage has increasingly become part of the ongoing conflict involving the United States, Israel, and Iran.

Earlier reports cited by the Financial Times alleged that Israeli intelligence infiltrated Iran’s traffic camera network for years to monitor movements of senior officials, including Supreme Leader Ali Khamenei.

The surveillance operation reportedly allowed analysts to track patterns of movement around key government locations in Tehran.

Additional cyberattacks reported

Separately, cybersecurity company Check Point Software Technologies said attackers had also attempted to breach surveillance camera systems in Israel and other countries across the Middle East.

Several hacking groups believed to be aligned with Iran have claimed responsibility for cyberattacks targeting Israeli companies and government agencies in recent days.

Despite the surge in cyber activity, analysts say digital attacks have not yet played a decisive role in the conflict, which escalated after U.S. and Israeli forces launched strikes on Iranian targets on February 28.