Iranian Prayer App Turned Into a Cyber Weapon During Airstrikes

Millions of people across Iran experienced an unusual and alarming situation on the morning of February 28, 2026, as military strikes and a major cyber incident unfolded at the same time.The incident involved BadeSaba Calendar, one of Iran’s most widely used prayer and religious applications, with more than five million downloads. Instead of delivering its normal prayer reminders and religious notifications, the app suddenly began sending unexpected messages to users across the country.At around 9:52 a.m. local time, phones started displaying a series of alerts carrying anti-government messages. Notifications appeared with titles such as “Help is on the way” and encouraged members of Iran’s security forces to lay down their weapons or join what were described as “liberation forces.” The messages continued for nearly thirty minutes before stopping.
Cybersecurity experts believe the attackers gained access to the application’s notification infrastructure, allowing them to send messages directly through a trusted platform already installed on millions of devices. Because users regularly rely on the app for daily prayer schedules, the messages spread rapidly and attracted immediate attention.
Security analysts noted that such an operation was unlikely to have been carried out in a single day. The attackers would have needed prior access to the application’s backend systems, suggesting careful planning and preparation well before the incident occurred.
The situation became even more chaotic due to a widespread internet disruption across Iran. Internet monitoring organizations reported that national connectivity dropped dramatically, leaving many people unable to communicate with family members, access news sources, or verify information circulating online.
Experts described the event as a highly coordinated psychological operation designed to maximize public attention during a period of heightened military tension. By targeting a trusted religious application, the attackers were able to reach a large audience almost instantly.While no group has officially claimed responsibility, reports indicate that cyber operations were used alongside military actions as part of a broader strategy to influence events on the ground.The incident highlights how modern conflicts are increasingly extending beyond traditional battlefields. In today’s digital age, a mobile application can become a tool of influence, and a simple smartphone notification can have a significant impact during times of crisis.