A targeted campaign has been identified distributing a trojanized version of the Red Alert rocket warning Android app to Israeli users via SMS messages impersonating official Home Front Command communications. The malicious app retains full rocket alert functionality while running malicious code in the background. It bypasses Android security checks through certificate spoofing and runtime manipulation. Once installed, the malware collects sensitive data including SMS messages, contacts, location data, device accounts, and installed applications. The stolen data is transmitted to a remote command-and-control server. This campaign exploits user trust in emergency services during periods of geopolitical tension, combining social engineering with mobile espionage for maximum impact.