A cybersecurity research firm has uncovered a sophisticated spyware campaign targeting Israeli civilians by exploiting trust in the country’s widely used Red Alert rocket warning application. The attack reportedly involves a fake version of the app designed to look and function like the legitimate emergency tool relied upon during missile attacks.

According to researchers, victims receive a text message claiming to be from Israel’s Home Front Command, warning of a malfunction in the official app and urging them to download an update. The message includes a shortened link that directs users to install a malicious file disguised as the authentic application.

The counterfeit app continues to deliver real rocket alerts, making it difficult for users to detect any wrongdoing. Behind the scenes, however, the spyware collects sensitive data including messages, contacts, location details, account information, and lists of installed applications. The stolen information is stored on the device and then transmitted to remote servers controlled by the attackers.

Researchers warn that the attackers use advanced techniques to bypass built-in Android security protections, allowing the malicious software to appear legitimate. Cybersecurity experts are urging users to remain cautious and avoid downloading applications from unofficial links, especially during periods of heightened conflict.