iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Israeli civilians are relying upon a range of early warning applications to keep them abreast of incoming rocket and missile attacks – but those same apps are becoming a popular target for pro-Palestinian hackers.
One such group – AnonGhost – was able to exploit an API vulnerability in developer Kobi Snir’s Red Alert app, causing a fake alert to be sent to its users warning of a looking nuclear attack.
“In their exploit, they successfully intercepted requests, exposed vulnerable servers and APIs, and employed Python scripts to send spam messages to some users of the app,” according to security researchers at Group IB.
“According to the group’s chat logs detected by Group-IB’s Threat Intelligence system, they also dispatched fake messages about a ‘nuclear bomb’.”
On the group’s Telegram channel, AnonGhost has boasted of bringing the Red Alert app “totally down for the second time”, in between posting images of the ongoing conflict and posts supporting Hamas and Palestine.
“An eye for an eye,” the group said in a later post. “API key Red Alert pwned by AnonGhost.”
The developers of this particular Red Alert app – there are at least three such apps available from different developers – have removed it from the Google Play Store.
“After exploiting an API vulnerability, threat actors were able to send spam messages within the app’s chat,” Group IB explained in a post on X. “They have claimed that ‘all 10k to 20k users of this application’ should have received these messages.”
Group IB is unable to confirm the nature of the exploit, as it would require recreating it, which is illegal without Kobi Snir’s permission. Nonetheless, the researchers are still working on the problem.
“We are actively monitoring the threat and will provide updates as they become available,” it said.
According to the Anti-Defamation League, AnonGhost is a “fluid international network of hackers that targets government, corporate and private websites around the world to bring attention to its extremist-inspired agenda”. It is a largely anti-Semitic group and supports ISIS and other militant Islamic groups.
The group’s operations go back to at least 2015, but its current Telegram channel seems to have been created in January 2023, initially to support OpSweden, a series of coordinated hacking attacks that targeted Sweden after an Islamaphobic incident in the same month.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
