An app that warns Israelis about rocket attacks poses another threat

Carding 4 Carders

A spyware version of RedAlert is being distributed to Android users. What do its developers want?

A fake version of the "RedAlert" app continues to be distributed to Android users in Israel. It supports all the functions of the official version, but covertly spies on the owner of the device.

The original "RedAlert" has already been downloaded from Google Play more than a million times. Right now, for Israel, this is a vital tool through which citizens receive notifications about rocket attacks.

According to Cloudflare, the hackers, whose targets and origins have not yet been determined, are well aware that the situation in the country is critical and that people are unlikely to think about secondary, less significant risks.

The malicious app was distributed through the website redalerts[.]me, created on October 12, 2023. The site has buttons for installing on iOS and Android.

For iOS users, the link leads to the official page in the Apple App Store. But the Android button starts downloading the APK file directly.

This APK file uses the source code of the real RedAlert, so it looks completely legitimate. However, the app requires additional permissions: access to contacts, phone numbers, SMS, call history, device IMEI, email, and other accounts.

At startup, the app activates a background service that collects and encrypts data, then sends it to a third-party server.

The site is currently unavailable. But attackers are likely to look for new ways to distribute their software. Interestingly, even the real RedAlert faced problems: hackers exploited API vulnerabilities to send false notifications to users.

To distinguish a real app from a fake one, Israelis are asked first to pay attention to the permissions that the app requests during installation, and to regularly update the system to the latest version.
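The permission check recommended above can be scripted by comparing a candidate build's manifest against a known-good one. This is an added example, not part of the original post; it assumes both manifests have already been decoded to text XML (for example with apktool), and the permission-name mapping, package name and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: mapping of the data categories named in the article to Android
# permission names; the article does not give the exact permission strings.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_PHONE_NUMBERS": "phone numbers",
    "android.permission.READ_SMS": "SMS",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.READ_PHONE_STATE": "device identifiers (IMEI)",
    "android.permission.GET_ACCOUNTS": "email and other accounts",
}

# Constructed sample manifests (hypothetical package name and permission sets).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.alerts">'
PERM = '<uses-permission android:name="android.permission.%s"/>'
REFERENCE = HEAD + "".join(PERM % p for p in ("INTERNET", "POST_NOTIFICATIONS")) + "</manifest>"
CANDIDATE = HEAD + "".join(PERM % p for p in (
    "INTERNET", "POST_NOTIFICATIONS", "READ_CONTACTS", "READ_SMS",
    "READ_CALL_LOG", "READ_PHONE_STATE", "GET_ACCOUNTS", "WAKE_LOCK")) + "</manifest>"


def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms


def audit(candidate_xml, reference_xml):
    """Permissions the candidate requests beyond the reference build, split
    into the sensitive ones mapped above and all other additions."""
    extra = requested_permissions(candidate_xml) - requested_permissions(reference_xml)
    flagged = {p: SENSITIVE[p] for p in sorted(extra) if p in SENSITIVE}
    other = sorted(p for p in extra if p not in SENSITIVE)
    return flagged, other


if __name__ == "__main__":
    flagged, other = audit(CANDIDATE, REFERENCE)
    for perm, category in flagged.items():
        print(f"SENSITIVE  {perm}  ({category})")
    for perm in other:
        print(f"extra      {perm}")
```

Any permission reported as sensitive that the reference build does not request is a reason to stop and verify where the APK came from.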