How the BadeSaba Prayer App Was Hacked in Iran and How to Protect Yourself

On Saturday morning, as the war between Israel and the United States with Iran heated up, millions of phones in Tehran buzzed with a different kind of strike. The popular prayer app BadeSaba, which has been downloaded more than five million times to track religious observances, suddenly lit up with a message: “Help has arrived.” Then came calls for a “People’s Army.”

Another message said, “The time for revenge has come.” Another said, “The regime's repressive forces will pay for their cruel and merciless actions against the innocent people of Iran. Anyone who joins in defending and protecting the Iranian nation will be granted amnesty and forgiveness.”

No group has claimed responsibility. But multiple reports and analyses from cybersecurity experts point to the app most likely being hacked.

“At this point, we genuinely do not know who is behind them, whether it was Israel or other anti-government Iranian groups,” said Narges Keshavarznia, a digital rights researcher at the Miaan Group, in an interview with WIRED magazine.

The incident highlights how in modern conflict, cyberattacks have become common.

Hamid Kashfi, an independent security consultant based in Sweden, called the choice of app that was hacked “a smart move,” noting the app’s user base, which is mostly the more religious faction of the country.

How do hacks like this happen?

Attacks like this usually start by exploiting weak points in an app’s software, developer accounts, or outdated components. Once inside, hackers can quietly change how the app behaves and use trusted platforms to send messages that look official.

In conflicts, the goal is psychological, using a popular app to influence how people feel during moments of tension. The BadeSaba incident is hard to attribute because no group has claimed responsibility.

How can you save yourself from this app?

If you receive urgent or unusual messages from apps, pause before acting. Check official government or organisational channels directly rather than relying only on push notifications.

Keeping apps updated helps close known security gaps, and downloading software only from verified app stores reduces risk.

Security experts say organisations should also prepare for moments when communication channels may be disrupted and focus more on recovery and verification than only blocking attacks. In modern conflicts, confusion itself can become a weapon.