A prayer-timing app with more than 5 million downloads on the Google Play Store was apparently compromised during the opening hours of a joint Israeli and US military strike on Iran, sending a series of coordinated messages urging Iranian military personnel to surrender and defect.
The app, BadeSaba Calendar, began pushing notifications to users shortly after the first explosions were reported across Tehran and other Iranian cities in the early hours of Saturday morning. The messages arrived in rapid succession over a 30-minute window, beginning at 9:52 am Tehran time with the phrase “Help has arrived.” No group has claimed responsibility.
Messages Timed to the Strikes
Screenshots reviewed by cybersecurity researchers show the push notifications were all titled “Help is on the way.” The content, translated from Farsi, called on members of Iran’s military forces to lay down their weapons, promising amnesty to those who complied or joined what the messages described as “the forces of liberation.”
“The time for revenge has come,” read one message received at 10:02 am. “Anyone who joins in defending and protecting the Iranian nation will be granted amnesty and forgiveness.”
A subsequent message at 10:14 am declared: “For a free Iran — lay down your weapons or join the forces of liberation. Only in this way can you save your lives.”
Cybersecurity analysts confirmed that BadeSaba users received the notifications in the timeframe described, but attribution remains unresolved. Narges Keshavarznia, a digital rights researcher at the Miaan Group, noted that no hacker group has come forward. “Attribution in cases like this is always complex, and it’s still too early to draw conclusions,” she said.
Nation-State Precision, Not Opportunism
Morey Haber, chief security adviser at BeyondTrust, offered a more pointed assessment. He argued the operation’s timing points to pre-planned access rather than an improvised hack. “The compromise of assets likely happened some time ago, and these messages of ‘help’ were timed strategically,” he said. “This is not a smash-and-grab style of attack. It is nation-state versus nation-state and is being executed with intent and precision.”
The strikes themselves, which the US and Israel are characterizing as preemptive, follow failed diplomatic negotiations. They also come after mass protests in Iran earlier this year in which at least 3,117 civilians were killed, according to government figures. Iran responded Saturday with retaliatory strikes on military targets across the region, with explosions reported in Bahrain, Kuwait, the UAE, and Qatar — several missiles intercepted.
Internet Blackout Compounds the Crisis
For ordinary Iranians, the information environment has collapsed almost entirely. Internet monitoring service NetBlocks reported overall network traffic in the country had dropped to just 4 percent of normal levels. Data from ArvanCloud’s Radar system showed that major domestic data centers and points of presence had either lost international connectivity or were severely disrupted.
Phone lines, SMS services, mobile data, and fixed broadband connections have all experienced significant outages. “Even using VPNs has become extremely difficult,” Keshavarznia said, adding that incoming international calls to Iran are also affected.
State news agencies were not spared. Both IRNA and ISNA were reportedly hit by cyberattacks and taken temporarily offline. IRNA has since restored access; ISNA remained down at the time of reporting.
Photo by Raziye Shahriyari on Unsplash
This article is a curated summary based on third-party sources. Source: Read the original article
