Hamas attempted to plant spyware in 'Red Alert' rocket siren app

The Israeli cyber intelligence firm ClearSky claims that the terrorist organization used fake Facebook profiles to take control of cellular devices and enable tracking and outgoing calls.

August 14, 2018 09:28
2 minute read.
Cyber hacking

Cyber hacking (illustrative). (photo credit: INGIMAGE)


Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analysis from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief


Hamas is trying to implant spyware onto Israeli mobile phones under the guise of the "Red Alert" rocket siren app, Israeli cyber intelligence firm "ClearSky" said last week. The implanted spyware redirects users to a fraudulent website, where they can download the malicious app.

According to the company's security researchers, it seems Hamas's cyber offensive may be only in its early stages, and the fact that they've come across it now could prevent it from endangering Israelis. ClearSky emphasized that the referral to the malicious app usually comes from fake Facebook profiles and botnets on Twitter.

ClearSky CEO Boaz Dolev gave an explanation about the malware: "As part of our work monitoring cyberspace, by which we provide our customers with knowledge about, and protection against cyber threats, we discovered the malicious sites that contain links to the malware.

"When you download the app, it takes control of you cell phone and allows the operator to track the device's location, take photos, record audio, make calls, send messages, and anything else the device is capable of doing."

Dolev added that "according to data we gathered, it is possible to observe that Hamas timed the cyber offensive to coincide with the recent rocket barrage against Israel."

Dolev warned that from the moment the application is downloaded, there is no way to get rid of it.

"Apps should only be downloaded from official app stores. Unfortunately, if the software has already been downloaded, deleting the app will not remove the malicious software from the device, and the cell phone will continue transmitting data to the operator."

In addition, ClearSky also identified a malicious file that is downloaded to computers and phones when accessing a forged registration form for Cellcom TV. ClearSky's estimate is the two sites and the malicious file were distributed by Hamas members as links in social networks, emails and more.

Last month, the IDF uncovered another Hamas network posing as attractive young women and men on social networks in order to lure IDF soldiers, as a means to access information and intelligence on the army. That malware, like the new one, was able to download files, access the phone’s camera and microphone, take pictures and record conversations remotely, without the soldier's knowledge.

Anna Ahronheim contributed to this report.

Translated by Tamar Ben Ozer.

Related Content

Jason Greenblatt, US President Donald Trump's Middle East envoy.
June 18, 2019
Greenblatt: Settlements not reason for lack of peace


Cookie Settings