RedAlert Trojan Campaign: Fake Emergency Alert App Spread via SMS Spoofing Israeli Home Front Command
ID: b0ff627e-9da5-5da4-9eeb-1cdff4474e48
STIX ID: report--b0ff627e-9da5-5da4-9eeb-1cdff4474e48
Feed Name: CloudSEK Blog
A targeted mobile espionage campaign distributes a trojanized 'RedAlert' Android app via smishing (SMS phishing) that impersonates the Israeli Home Front Command, exploiting wartime panic to drive installs. The loader spoofs its signature and installer provenance, dynamically loads a hidden payload (umgdn), and exfiltrates SMS messages, contacts and real-time GPS location to attacker C2 infrastructure (multiple IPs and domains hosted on or fronted by Cloudflare and AWS). The report includes static and dynamic analysis, IOCs (file hashes, IPs, URLs), an impact assessment (weaponization of victim location data and the risk of SMS-based 2FA bypass via the stolen messages), and mitigation guidance: device quarantine, factory reset, MDM controls and network blocking of the C2 infrastructure.
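The loader-plus-hidden-payload pattern the summary describes (a stub DEX that pulls in code at runtime from a file that is not one of the app's own classes*.dex entries) is the first thing an analyst would check for when triaging a sample like this. The following Python is an added example written for this page; it is not CloudSEK's code and was not derived from the RedAlert sample. It treats the APK as a zip, looks for references to the dalvik.system class loaders in classes*.dex, and flags any other entry that carries a DEX or ZIP magic or has the near-8-bit entropy of an encrypted or packed blob. The sample APK it builds is constructed inline; the payload path assets/umgdn is an assumption (the summary names umgdn but not where it lives in the package), and the 7.5 bits/byte threshold is a tuning choice.

```python
"""Static first-pass triage of an Android APK for a loader-plus-hidden-payload
pattern: a stub DEX that references a runtime class loader, plus a non-DEX entry
that is really DEX/ZIP or is suspiciously high-entropy (encrypted/packed).
Added example for illustration; not code from the CloudSEK report."""
import io
import math
import zipfile

# Runtime class loaders a stub uses to load code that is not in classes*.dex.
DYNAMIC_LOADER_REFS = (
    b"Ldalvik/system/DexClassLoader;",
    b"Ldalvik/system/PathClassLoader;",
    b"Ldalvik/system/InMemoryDexClassLoader;",
    b"Ldalvik/system/BaseDexClassLoader;",
)
DEX_MAGIC = b"dex\n"       # first 4 of the 8-byte DEX magic "dex\n0xx\0"
ZIP_MAGIC = b"PK\x03\x04"  # local file header of a zip/jar/apk
# Compressed media legitimately has near-8-bit entropy; skip it in the
# entropy pass (the magic check still runs on every entry, so a raw DEX
# renamed to .png is still caught).
MEDIA_EXTENSIONS = (".png", ".jpg", ".jpeg", ".webp", ".gif", ".ogg",
                    ".mp3", ".mp4", ".ttf", ".otf", ".woff", ".woff2")
SKIP_ENTRIES = ("AndroidManifest.xml", "resources.arsc")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def is_dex(name: str) -> bool:
    """classes.dex, classes2.dex, ... (multidex)."""
    return name.startswith("classes") and name.endswith(".dex")


def triage_apk(apk_bytes: bytes, entropy_threshold: float = 7.5,
               min_size: int = 256) -> dict:
    """Return {'loader_refs': [...], 'hidden_code': [...], 'high_entropy': [...]}."""
    findings = {"loader_refs": [], "hidden_code": [], "high_entropy": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            data = zf.read(name)  # decompressed contents
            if is_dex(name):
                # Plain byte-string scan; an obfuscated loader that resolves the
                # class name via reflection or string decryption will not show.
                for ref in DYNAMIC_LOADER_REFS:
                    if ref in data and ref.decode() not in findings["loader_refs"]:
                        findings["loader_refs"].append(ref.decode())
                continue
            if name in SKIP_ENTRIES or name.startswith("META-INF/"):
                continue
            if data[:4] in (DEX_MAGIC, ZIP_MAGIC):
                findings["hidden_code"].append(name)
            elif (len(data) >= min_size
                  and not name.lower().endswith(MEDIA_EXTENSIONS)
                  and shannon_entropy(data) >= entropy_threshold):
                findings["high_entropy"].append(name)
    return findings


def build_sample_apk() -> bytes:
    """Constructed sample, NOT the RedAlert APK. The layout is assumed: a stub
    classes.dex referencing DexClassLoader, a raw DEX hidden at assets/umgdn
    (path is an assumption), an encrypted-looking blob, a benign text asset,
    and a high-entropy image that must not be flagged."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + b"\x00" * 64)
        zf.writestr("classes.dex", DEX_MAGIC + b"035\x00" + b"\x00" * 32
                    + b"Ldalvik/system/DexClassLoader;" + b"\x00" * 32)
        zf.writestr("assets/umgdn", DEX_MAGIC + b"035\x00" + b"\x00" * 300)
        zf.writestr("assets/config.bin", bytes(range(256)) * 4)  # entropy 8.0
        zf.writestr("assets/readme.txt", b"Home Front Command alerts\n" * 20)
        zf.writestr("res/drawable/icon.png", bytes(range(255, -1, -1)) * 2)
    return buf.getvalue()


if __name__ == "__main__":
    for key, names in triage_apk(build_sample_apk()).items():
        print(f"{key}: {names}")
```

On the constructed sample this reports the DexClassLoader reference in classes.dex, assets/umgdn as hidden code (DEX magic under a non-DEX name) and assets/config.bin as high entropy, while the text asset and the image are left alone. Treat the output as a lead, not a verdict: a loader that decrypts class names at runtime will not expose the dalvik.system string, and the signature and installer-provenance spoofing the summary mentions needs a separate check (verifying the APK Signing Block against the expected publisher certificate, and not trusting the installer package name reported on the device).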
