Hamas attempted to plant spyware in 'Red Alert' rocket siren app

The Israeli cyber intelligence firm ClearSky claims that the terrorist organization used fake Facebook profiles to take control of cellular devices and enable tracking and outgoing calls.

AUGUST 14, 2018 09:28

Updated: AUGUST 14, 2018 10:49

Cyber hacking (illustrative) (photo credit: INGIMAGE) — Cyber hacking (illustrative)

(photo credit: INGIMAGE)

Hamas is trying to implant spyware onto Israeli mobile phones under the guise of the "Red Alert" rocket siren app, Israeli cyber intelligence firm "ClearSky" said last week. The implanted spyware redirects users to a fraudulent website, where they can download the malicious app.

According to the company's security researchers, it seems Hamas's cyber offensive may be only in its early stages, and the fact that they've come across it now could prevent it from endangering Israelis. ClearSky emphasized that the referral to the malicious app usually comes from fake Facebook profiles and botnets on Twitter.

ClearSky CEO Boaz Dolev gave an explanation about the malware: "As part of our work monitoring cyberspace, by which we provide our customers with knowledge about, and protection against cyber threats, we discovered the malicious sites that contain links to the malware.

"When you download the app, it takes control of you cell phone and allows the operator to track the device's location, take photos, record audio, make calls, send messages, and anything else the device is capable of doing."

Dolev added that "according to data we gathered, it is possible to observe that Hamas timed the cyber offensive to coincide with the recent rocket barrage against Israel."

Dolev warned that from the moment the application is downloaded, there is no way to get rid of it.

"Apps should only be downloaded from official app stores. Unfortunately, if the software has already been downloaded, deleting the app will not remove the malicious software from the device, and the cell phone will continue transmitting data to the operator."

In addition, ClearSky also identified a malicious file that is downloaded to computers and phones when accessing a forged registration form for Cellcom TV. ClearSky's estimate is the two sites and the malicious file were distributed by Hamas members as links in social networks, emails and more.

Last month, the IDF uncovered another Hamas network posing as attractive young women and men on social networks in order to lure IDF soldiers, as a means to access information and intelligence on the army. That malware, like the new one, was able to download files, access the phone’s camera and microphone, take pictures and record conversations remotely, without the soldier's knowledge.

Anna Ahronheim contributed to this report.

Translated by Tamar Ben Ozer.