An Islamic prayer-timing app widely used in Iran pushed a series of anti-regime messages to users on 28 February 2026. The notifications urged members of the security forces to abandon their posts and join what the messages described as “liberation forces.” According to multiple media reports, the messages appeared on BadeSaba Calendar, an app with more than five million downloads. The incident occurred during heightened unrest and amid US and Israeli strikes on Iranian military targets. Some Israeli and international outlets attributed the cyber operation to Israel, though there has been no official confirmation. The messages appeared shortly before a near-total internet blackout across Iran, limiting independent verification.
Messages spread by Israel through the hacked prayer app
Social media users shared screenshots of the notifications before connectivity dropped. One message, written in Persian, called on “repressive forces” to put down their weapons or defect to save their lives and protect Iran. Another read, “Help has arrived,” language linked by commentators to earlier statements by Donald Trump promising support for Iranian protesters. Analysts said the wording was clearly aimed at soldiers and internal security units rather than the wider public.
Public app-store data and investigative reporting show that BadeSaba Calendar has been downloaded more than five million times, making it one of Iran’s most popular religious utility apps. Download figures do not reflect active users at a given moment. Even so, experts say reaching a fraction of that audience would be significant in Iran’s tightly controlled media environment. Iran imposed sweeping internet restrictions soon after, leaving it unclear how many devices received the messages. Several Israeli media reports, citing unnamed security officials, said the hack was part of a broader Israeli campaign against the Iranian regime.
Israel’s ingenious cyber methods and how they were used
Over the past decade, Israeli security services and allied cyber units have built a reputation for operations designed to shape behaviour rather than simply disrupt systems. These actions are typically precise and personal, with their impact rooted in timing, credibility and psychological effect.One key method involves hijacking mobile applications and notification systems. Smartphones rely on centralised push services, meaning access to an app’s backend can place messages instantly on millions of screens. In earlier operations attributed to Israel, similar tactics were used to send false alerts and warnings that appeared to come from trusted domestic sources. The reported breach of the BadeSaba prayer app follows this pattern, using a religious utility to deliver a political message directly to users.Another approach is the manipulation of SMS and emergency alert systems. In past regional confrontations, Israeli-linked cyber operations reportedly sent text messages to soldiers warning they were being watched or urging them to stand down. Because these messages resemble official alerts, they can trigger confusion and hesitation at critical moments.One of the most striking examples of Israel’s unconventional methods was the pager attack reported in Lebanon in 2024. Members of Hezbollah, who had turned to pagers believing them to be secure, were targeted when hundreds of devices reportedly exploded almost simultaneously. The pagers were believed to have been compromised during the supply chain, with small explosive charges embedded before distribution. The blasts killed and injured Hezbollah operatives while largely sparing civilians. Israel did not claim responsibility, but the operation was widely attributed to Israeli intelligence.The pager incident reflects a broader pattern of turning trusted technology into a vulnerability. This includes cyber sabotage such as Stuxnet, as well as reported use of rigged mobile phones, compromised radios and hacked media systems. In recent years, these tactics have expanded into information warfare, with spoofed alerts and targeted messages sent directly to devices. Together, they point to a strategy focused on precision, surprise and psychological impact rather than mass destruction.Israel has also used disruption of state media as a psychological tool. Iranian and allied outlets have at times seen websites briefly taken over or headlines altered, with some broadcasts interrupted. Though usually short-lived, these incidents carry strong symbolic weight by demonstrating that state control over information can be breached.Less visible operations include long-running phishing and credential-harvesting campaigns. Cybersecurity researchers have documented how fake emails and login pages were used to infiltrate government ministries, military units and media organisations. These efforts help map internal networks and lay the groundwork for future influence operations.What connects these methods is strategic timing. Cyber messages often appear alongside protests, military strikes or political crises. The aim is to spread doubt, weaken morale and encourage fractures within state institutions. The BadeSaba incident reflects this approach, with messages urging defection appearing amid unrest, foreign strikes and economic strain, followed soon after by a nationwide internet blackout.For ordinary citizens and rank-and-file soldiers, the experience can be deeply unsettling. A trusted app delivers an unexpected message. Alerts contradict official statements. State media goes quiet while phones buzz with unfamiliar warnings. The effect is not persuasion alone, but disorientation and a sense that control is slipping.Seen this way, the prayer app hack is not an isolated event. It reflects a broader shift in modern conflict, where wars are fought not only with missiles and sanctions, but with notifications, interfaces and moments of doubt delivered directly to personal devices.Following the hack and the strikes, monitoring group NetBlocks said Iran’s internet connectivity fell to about 4% of normal levels. Human rights groups warn that such blackouts restrict information and raise the risk of abuses going unreported. Human Rights Watch has previously documented mass arrests, disappearances and killings during periods of unrest, concerns that intensify when communication channels are cut.
Official reactions
Iranian state media condemned the cyber incidents and accused hostile foreign powers of destabilisation. Israeli officials have not publicly acknowledged responsibility for the prayer app hack. International coverage has described the episode as part of an expanding cyber dimension in the confrontation between Iran and its adversaries.Key questions remain unresolved. These include how the messages were technically delivered, how many users were affected and who was ultimately responsible. Until independent cybersecurity analysis or official confirmation emerges, the incident will continue to be described in reported terms rather than as established fact.
