Just when you think you’ve heard it all about hackers and password theft, new tactics emerge. In a surprising twist, some hackers are now using traditional mail, disguised as coming from a trustworthy source, to lure victims into downloading malicious applications that steal sensitive information.
According to a report from The Register, unsuspecting individuals have received letters purportedly from the “Federal Office of Meteorology and Climatology in Switzerland.” Enclosed in the envelope is a document urging them to scan a QR code and download the “Severe Weather Warning App” on Android devices. However, the QR code leads to a third-party website rather than the legitimate Google Play Store. The National Cyber Security Centre (NCSC) of Switzerland has cautioned about a nearly identical counterfeit application harboring the Coper malware, also referred to as Octo2.
The Coper trojan is particularly hazardous as it intercepts two-factor authentication messages and push notifications. It targets banking applications on Android devices, pilfering credentials and other essential information to access user accounts. Additionally, it can receive commands from external servers and seeks broad permissions to execute its malicious activities.
The differences between an authentic application and a fraudulent one can be subtle, yet spotting them is crucial. For instance, the legitimate application is labeled “Alertswiss,” while the counterfeit version is named “AlertSwiss” with a capital “S.” Deviations in logos and the arrival of the lure by physical mail should raise red flags; after all, sending out physical letters incurs costs, indicating a serious commitment by the fraudsters.
“This is the first instance the NCSC has observed malware being distributed in this manner,” the agency noted to The Register. “The letters appear official, displaying the legitimate logo of the Federal Office for Meteorology, thereby gaining trust. Additionally, the scammers create a sense of urgency to prompt hasty decisions from recipients.”
While QR code scams are not new, this is the first instance involving physical mail as the delivery method.
Although this news is troubling, there is a small silver lining: the reported attacks have been localized to Switzerland and primarily impact Android users. QR codes are not inherently malicious; they have made tasks such as donating money and viewing restaurant menus more convenient. However, it’s essential to exercise caution regarding the origin of any QR code before scanning it and following the associated instructions.
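The check described above, whether a scanned QR code really points at the Google Play Store or at a third-party site, can be automated on a decoded QR payload. The following is an added example, not code from The Register or the NCSC; the function name, the verdict labels, and the sample URLs (all on reserved `.example` domains or placeholder package IDs) are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

PLAY_HOST = "play.google.com"

def classify_qr_target(payload: str) -> str:
    """Classify a decoded QR payload as 'play-store', 'direct-apk' or 'third-party'."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower().rstrip(".")
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return "third-party"  # unparseable links are never trusted
    scheme = parts.scheme.lower()
    has_id = bool(parse_qs(parts.query).get("id"))  # empty id= does not count

    # Android's Play Store link scheme: market://details?id=<package>
    if scheme == "market" and host == "details" and has_id:
        return "play-store"
    # Web listing: exact host match, HTTPS only, no user@ prefix, default port.
    if (scheme == "https" and host == PLAY_HOST
            and parts.username is None and parts.password is None
            and port in (None, 443)
            and parts.path == "/store/apps/details" and has_id):
        return "play-store"
    # Anything else is outside the store; a link straight to an .apk is sideloading.
    if parts.path.lower().endswith(".apk"):
        return "direct-apk"
    return "third-party"

# Constructed sample payloads (not taken from the reported campaign).
SAMPLES = [
    "https://play.google.com/store/apps/details?id=example.placeholder.app",
    "https://play.google.com.weather-alerts.example/store/apps/details?id=x",
    "https://play.google.com@downloads.example/warning-app.apk",
    "http://play.google.com/store/apps/details?id=example.placeholder.app",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify_qr_target(url):12} {url}")
```

A `play-store` verdict only confirms where the link leads; the listing's name, logo and publisher still need to be compared against the official app, since the counterfeit's name differs by a single capital letter.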