Overview
- Attackers sent spoofed Home Front Command texts with a shortened link that directed recipients to sideload a malicious APK.
- The modified Red Alert app continues to deliver genuine rocket notifications while secretly collecting and exfiltrating device data.
- Acronis TRU reports spoofed certificates and a faked installer source that made the app appear to be installed from Google Play.
- The spyware requests about 20 permissions, can overlay login screens to intercept one-time codes, persists after reboot, and streams data to a remote command server.
- Israeli authorities issued public warnings, researchers say the number of infections remains unknown, and any link to Arid Viper is assessed as tentative.