The Swiss National Cyber Security Centre (NCSC) has issued a warning about physical letters containing malicious QR codes being sent through the mail. The letters, falsely attributed to the official Swiss Federal Office of Meteorology and Climatology (MeteoSwiss), urge recipients to install a non-existent “severe weather app.”
Scanning the QR code leads to a banking Trojan known as Coper or Octo2. Coper is a sophisticated Malware-as-a-Service that can be customized and distributed by malicious actors targeting regions including Europe, the US, Canada, the Middle East, Singapore, and Australia.
When installed on Android devices, the fake app appears under the name “AlertSwiss”; the name can be customized for different campaigns. The genuine app from the Federal Office for Civil Protection is named “Alertswiss,” so the fake's name differs only slightly, which makes it more convincing. To protect yourself, keep your device updated to safeguard against known vulnerabilities.
Scan QR codes with caution: use an app that displays the full URL and asks for confirmation before visiting it. Modern Android devices have a native QR code scanning capability in the camera app. Disable any features in QR code scanner apps that automatically execute actions such as opening a website or downloading a file.
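One way to implement the "show the full URL and ask first" behaviour described above, as an added Python example that is not from the NCSC or the original article. The function names, the specific warning checks and the sample inputs used to exercise it are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

APP_PACKAGE_SUFFIXES = (".apk", ".xapk", ".apks")  # assumed list of Android package types

def review_qr_payload(payload):
    """Return (text_to_display, warnings) for a decoded QR string. Never opens anything."""
    text = payload.strip()
    try:
        parts = urlsplit(text)
    except ValueError:
        return text, ["malformed URL: do not open"]
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return text, ["not a web URL (scheme %r): do not act on it automatically" % scheme]
    host = parts.hostname or ""
    warnings = []
    if scheme == "http":
        warnings.append("unencrypted http link")
    if parts.username or parts.password:
        # Everything before '@' is login data, not the site that will be contacted.
        warnings.append("text before '@' is not the site; the real host is " + host)
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode host name, may imitate another name")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address")
    except ValueError:
        pass  # an ordinary host name
    if parts.path.lower().endswith(APP_PACKAGE_SUFFIXES):
        warnings.append("link downloads an Android package outside the app store")
    return text, warnings

def confirm_open(payload, ask=input):
    """Print the full URL and any warnings; return True only on an explicit 'yes'."""
    url, warnings = review_qr_payload(payload)
    print("QR code contains:", url)
    for warning in warnings:
        print("  warning:", warning)
    return ask("Open this? Type 'yes' to continue: ").strip().lower() == "yes"
```

The caller opens the URL only when `confirm_open` returns `True`; any other answer, including an empty one, leaves the link unopened.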
Protecting mobile devices is as crucial as protecting computers.
Use anti-malware solutions to safeguard your devices.
Stay vigilant and informed to protect your personal and organizational data from emerging threats. The use of real-world lures to infect people with malware is unusual due to the additional overheads that physical operations involve compared to online hacking. While the use of the postal service to deliver commodity malware is rare, it is not unheard of.
The OFCS did not reveal how many individuals are believed to have been impacted by the fraudulent letters. Individuals who have installed the fake app were encouraged to factory reset their devices. “Have you received such a letter?
Please do not hesitate to send it to us electronically using our reporting form. In this way, you will help the OFCS to take appropriate measures. Then destroy the letter.
We have already started to implement protective measures,” stated the agency.