Israel Hacked Iranian Prayer App BadeSaba to Urge Military Defections During Strikes

Smartphone displaying hijacked prayer app notifications during military airstrikes

A Prayer App Turned Into a Weapon

During the US-Israeli airstrikes on Iran on February 28, 2026, millions of Iranian phone users received unexpected push notifications from BadeSaba — a popular prayer-timing app with over 5 million installs on Google Play. The messages didn’t contain prayer times. They contained military surrender demands.

Three notifications arrived in quick succession over a 30-minute window on Saturday morning, all in Persian. The first, at 9:52 AM Tehran time: “Help Has Arrived” — echoing a phrase used by President Trump in January 2026 during Iranian protests. The second, at 10:02 AM, was aimed directly at military personnel: “The time for revenge has come. The regime’s repressive forces will pay for their cruel and merciless actions. Anyone who joins in defending and protecting the Iranian nation will be granted amnesty.”

The third, at 10:14 AM: “For the freedom of our Iranian brothers and sisters — lay down your weapons or join the forces of liberation. Only in this way can you save your lives.”

Pre-Planned, Not Improvised

Cybersecurity experts agree this wasn’t a hastily assembled operation. Morey Haber, Chief Security Advisor at BeyondTrust, stated: “The compromise of assets likely happened some time ago, and these messages of ‘help’ were timed strategically. This is not a smash-and-grab style of attack. It is nation-state versus nation-state and is being executed with intent and precision.”

The attackers gained control of the app’s push notification infrastructure, allowing them to blast messages to all 5 million+ users simultaneously. Jake Williams, VP of R&D at Hunter Strategy and a former NSA Tailored Access Operations member, said: “This is very likely an Israeli cyber operation. I’d be surprised if it were the US. They typically go out of their way to avoid operations that can result in attribution. Israel, on the other hand, doesn’t care about attribution.”

Part of a Broader Cyber Offensive

The prayer app hack was just one component of a coordinated cyber campaign. Several Iranian state media outlets — including IRNA and ISNA — were simultaneously taken offline by cyberattacks. Pro-Israel hacker group Predatory Sparrow reportedly crippled Iran’s Bank Sepah and burned approximately $90 million in cryptocurrency from Iranian exchange Nobitex.

Iran responded with a massive internet shutdown, with overall network traffic dropping to just 4% of normal levels according to NetBlocks. Phone lines, SMS services, and both mobile and fixed broadband connections experienced severe disruption. VPN usage became extremely difficult.

The Pager Playbook, Updated

This tactic follows Israel’s pattern of weaponizing communications infrastructure. In September 2024, Israel detonated thousands of pagers and walkie-talkies used by Hezbollah members in Lebanon, killing at least 37 and injuring nearly 3,000. The BadeSaba hack is a softer version of the same strategy — using everyday communication devices to deliver psychological warfare directly to millions of people.

The convergence of cyber operations and psychological warfare through a religious app raises uncomfortable questions about the vulnerability of app infrastructure globally. If a prayer app serving millions can be compromised and weaponized during a military operation, any app’s push notification system is a potential attack vector.