When a prayer app becomes a weapon: the psychological cyberwar at the heart of the Iran-US-Israel conflict
On February 28, 2026, the United States and Israel launched massive joint strikes against Iran. Since then, daily life for millions of Iranians has come down to sirens, explosions, power cuts and a near-total internet blackout, against a backdrop…

On February 28, 2026, the United States and Israel launched massive joint strikes against Iran. Since then, daily life for millions of Iranians has come down to sirens, explosions, power cuts and a near-total internet blackout.
Before getting into the technical analysis, one thought is unavoidable: this conflict strikes a people first. Millions of ordinary men and women, heirs to a thousand-year-old civilization, caught in a vise between an authoritarian regime and foreign bombardment. They chose neither one.
But beyond the airstrikes, a less visible front has opened with unprecedented brutality: that of cyberspace and cyberwar. And that is where this article lingers, because what happened that day on the phones of millions of Iranians deserves a closer look.
* * *
A prayer app turned into a psychological weapon
On February 28, as the first explosions rang out in Tehran, millions of Iranians simultaneously received an unexpected push notification on their phones.
The app in question is called BadeSaba Calendar. Downloaded more than five million times on Google Play, it is part of daily life for many Iranians: prayer times, the call to prayer (azan), orientation toward the qibla, religious calendar. In the middle of Ramadan, it is consulted several times a day. It is an intimate, familiar tool, tied to faith.
At 9:52 a.m. Tehran local time, the messages began. For nearly thirty minutes, several notifications in Persian followed one another, all under the same title: "Help is coming." Here are two excerpts, confirmed by screenshots analyzed by the Wall Street Journal and WIRED.


"The time for revenge has come. The regime's repressive forces will pay for their cruel acts against the innocent Iranian people. Those who join the defense of the Iranian nation will be granted amnesty and pardon."
"For the freedom of our Iranian brothers and sisters, a call to all oppressive forces: lay down your weapons or join the liberation forces. This is the only path that will let you save your lives. For a free Iran."
No official claim of responsibility. But the technical markers leave little doubt: precise synchronization with the first strikes, persistence of the notifications despite filters, absence of any classic malware targeting users. Everything points to an operation planned long in advance, at a state level.
The message is clear: it is no longer only the servers or the infrastructure that are targeted. The mind is targeted directly, where trust runs deepest.
* * *
A perfectly orchestrated hybrid war
This hack did not happen in a vacuum. It was part of a wave of cyber operations synchronized with the airstrikes:
Iranian internet traffic fell to around 4% of its normal level within the first hours, according to NetBlocks data, before collapsing to less than 1% in some regions. In parallel, targeted disruptions hit the Revolutionary Guards' communication networks, and several official news agency websites (IRNA, ISNA, Tasnim) were temporarily hijacked to broadcast similar messages calling for defection.
The goal is transparent: disorient the adversary on all fronts at once, disrupt the chain of command, and inject doubt directly into the population and the armed forces. This is cognitive warfare in action, synchronized with strikes that, according to several sources including Reuters and the Washington Post, are said to have decapitated part of the Iranian leadership.
* * *
What is genuinely new here
Let's be clear: offensive cyber operations are nothing new. Stuxnet in 2010 showed that a computer worm could physically destroy centrifuges remotely. The "pager" operation in 2024 showed that an entire supply chain could be booby-trapped to set off coordinated explosions.
But what happened with BadeSaba is of a different order. It is not physical sabotage, nor an attack on critical infrastructure. It is the transformation of a daily ritual, prayer, into a vector of propaganda. It touches on a rare intimacy: faith, spiritual routine, the bond of trust between an individual and a tool used in a moment of reflection.
For a soldier, a militiaman, or even a civilian already under the bombs, receiving such a message at the very moment of checking prayer times means watching doubt creep in where certainty once stood. This is psychological warfare in its purest form, and its potential effectiveness is formidable: to crack cohesion, amplify fear, destroy digital trust.
* * *
Calling a spade a spade
This kind of operation, however "impressive" it may be on a technical level, is by no means morally neutral. Things need to be named.
When a state hijacks a prayer app used by millions of civilians to spread propaganda in the middle of a bombardment, it is not merely a cyber feat. It is the exploitation of the intimate and religious space of civilian populations. It is turning a moment of reflection into a vector of manipulation.
You can analyze the technical sophistication without applauding the use made of it. You can acknowledge the cyber-kinetic integration capability of certain actors without concluding that the end justifies every means. The Iranian population, already caught between a repressive regime and foreign bombardment, did not need its tools of faith turned into a battlefield as well.
The risk is that this kind of operation becomes the norm. And that tomorrow, any state will grant itself the right to hijack any civilian app (health, messaging, education) to inject its propaganda in times of conflict.
* * *
And where does that leave us?
You might think this episode does not concern us directly. That would be a mistake. What happened in Iran exposes a vulnerability that touches us all: the blind trust we place in the apps of our daily lives.
How many of us actually check who develops the weather app we consult every morning? Who controls the server behind their alarm app, their sleep tracker, their password manager? Every app installed on a smartphone is a potential attack surface. Every push notification is a channel that someone, somewhere, could hijack.
The concrete lessons to draw: limit the number of installed apps to the strict minimum, check the permissions granted (why would a calendar app need access to your contacts?), favor open-source apps when possible, and above all keep a critical mind toward any unexpected notification, even from a "trusted" source.
Cybersecurity is no longer a subject reserved for experts. It is a daily hygiene. And this Iranian episode is a brutal demonstration of it.
* * *
Behind the code, human lives
In the midst of these technical analyses, what matters most remains the people. In Tehran, Isfahan, Tabriz, families live under permanent tension. Young people see their digital space, their social ties, their access to information, their spirituality, turned into a minefield.
Cyberwar impresses strategists. It terrifies civilians. And that is no doubt where its most fearsome weapon lies.
May the Iranian people, at the heart of this hybrid era, draw from their historic resilience the strength to weather the storm. And may we all remember: behind every line of code, every hijacked notification, every strike, there are human beings who dream of peace.
Sources
On the conflict and the strikes
The Guardian: https://www.theguardian.com/us-news/live/2026/mar/01/us-israel-war-on-iran-ayatollah-ali-khamenei-i-dead-latest-reports
CNN: https://edition.cnn.com/world/live-news/israel-iran-attack-02-28-26-hnk-intl
NBC News: https://www.nbcnews.com/world/iran/live-blog/israel-iran-live-updates-rcna261099
CBS News: https://www.cbsnews.com/live-updates/israel-us-attack-iran-trump-says-major-combat-operations
Washington Post: https://www.washingtonpost.com/world/2026/02/28/israel-strikes-iran-live-updates
BBC: https://www.bbc.com/news/live/cn5ge95q6y7t
On the BadeSaba Calendar hack
Wall Street Journal: https://www.wsj.com/livecoverage/iran-strikes-2026/card/israel-hacked-popular-iranian-prayer-app-to-urge-defections-resistance-wtYyb29CmKrTXoJBIV3C
Straight Arrow News: https://san.com/cc/lay-down-your-weapons-prayer-app-used-by-iranians-hacked-following-us-israeli-strikes
Yahoo News: https://www.yahoo.com/news/articles/lay-down-weapons-prayer-app-204723221.html
Jerusalem Post: https://www.jpost.com/middle-east/iran-news/article-888267
On the internet blackout
NetBlocks (via Wikipedia): https://en.wikipedia.org/wiki/2026_Internet_blackout_in_Iran
CNBC: https://www.cnbc.com/2026/03/01/us-iran-live-updates-khamenei-death-trump-gulf-strikes.html
RFE/RL: https://www.rferl.org/a/iran-internet-blackout-us-israel-military-attack/33690399.html
Questions fréquentes
What is BadeSaba Calendar and how was it used?
It is an Iranian religious calendar app (prayer times, azan, qibla) downloaded more than five million times on Google Play. On February 28, 2026, for nearly thirty minutes it broadcast push notifications in Persian calling on the regime's forces to lay down their arms or join the liberation forces.
How is this attack different from operations like Stuxnet or the pager attack?
Stuxnet (2010) and the pager operation (2024) aimed at physical effects: destroying centrifuges or setting off coordinated explosions. The BadeSaba case sabotages no infrastructure: it turns a daily, intimate ritual, prayer, into a vector of psychological propaganda.
How extensive was the internet blackout in Iran?
According to NetBlocks data, Iranian internet traffic fell to around 4% of its normal level within the first hours, before collapsing to less than 1% in some regions, accompanied by the hijacking of official news agency websites.
Why does this episode concern us outside Iran?
It exposes the blind trust we place in everyday apps: every installed app is an attack surface and every push notification a channel that can be hijacked. Such a practice could tomorrow extend to any civilian app (health, messaging, education).
What concrete measures does the article recommend?
Limit the number of installed apps to the strict minimum, check the permissions granted, favor open-source apps when possible, and keep a critical mind toward any unexpected notification, even from a supposedly trusted source.
Sources & méthodologie
- Wall Street Journal, Israel hacked popular Iranian prayer app to urge defections:
- WIRED, Hacked prayer app sends surrender messages to Iranians amid Israeli strikes:
- NetBlocks, 2026 Internet blackout in Iran (via Wikipedia):
- Reuters, More strikes aimed at Iran after US-Israeli assault:
- Washington Post, Israel strikes Iran live updates:

Être en cybersécurité
Une feuille de route cyber en clair, pour tout le monde, pas seulement les experts.
