Hackers targeting Swiss residents are going old-school using snail mail! Switzerland’s National Cyber Security Centre (NCSC) has issued an alert about the country’s postal service being used to spread malware. Attackers have been sending letters to citizens, claiming to be from Meteo-Suisse, the nation’s Federal Office of Meteorology and Climatology. The letters contain a QR code which, when scanned, leads to the download of a supposed severe-weather warning app for Android. This malicious app mimics the “Alertswiss” app from the Federal Office for Civil Protection, which federal and cantonal agencies use to inform, warn, and alert the population.
The malicious app typo-squats the name of the original government app and is hosted on a third-party site instead of the Google Play Store. It contains a variant of the Coper Trojan (a.k.a. Octo2), first discovered in July 2021, which specialises in keylogging and in intercepting SMS-based 2FA codes and push notifications. The arsenal of features the Coper Trojan provides suggests that the attackers are after the targets’ bank accounts.
The Swiss NCSC stated that the letters look official, carrying the correct logo of the Federal Office for Meteorology, and thus appear trustworthy. In addition, the fraudsters build up pressure in the letter to tempt people into rash actions. The total number of people who have received such letters is unclear; however, dozens of recipients have reached out to the NCSC, suggesting that the total is relatively low.
Sending snail mail in Switzerland typically costs about $1.35 apiece, so the attackers bear a significant cost per letter, which makes a conventional, volume-driven phishing campaign a very expensive endeavour. This, combined with the low number of affected individuals, suggests that this may be a spearphishing campaign aimed at specific individuals.
The Swiss NCSC has offered the following recommendations for those affected:
- Ignore the letter and throw it away.
- Do not let yourself be put under pressure.
- Only download apps from the official app stores (App Store, Google Play Store).
- If you have already installed the app, reset the smartphone to the factory settings.
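As an added illustration, not from the NCSC alert or this article, here is a small Python triage routine a help desk could run over the URL decoded from such a QR code before anyone taps it: it flags links that bypass the official stores, point straight at an APK, or carry an exact or near-miss spelling of a legitimate app name. The list of known app names (only "alertswiss", from the article) and every sample URL are constructed for the example.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Official store hosts named in the NCSC advice; anything else means sideloading.
OFFICIAL_STORE_HOSTS = {"play.google.com", "apps.apple.com"}
# Constructed list of legitimate app names to compare against (Alertswiss is from the article).
KNOWN_APP_NAMES = {"alertswiss"}


def _tokens(parts):
    """Split host and path into lowercase alphanumeric tokens of 4+ characters."""
    text = f"{parts.hostname or ''} {parts.path}".lower()
    return [t for t in re.split(r"[^a-z0-9]+", text) if len(t) >= 4]


def classify_qr_url(url, known_names=KNOWN_APP_NAMES, threshold=0.8):
    """Triage a URL decoded from a QR code. 'risk' is 'low' only for official-store links."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    impersonates, lookalikes = set(), set()
    official = host in OFFICIAL_STORE_HOSTS
    if not official:
        # Off-store link: look for legitimate names used verbatim or in typo-squatted form.
        for tok in _tokens(parts):
            for name in known_names:
                if tok == name:
                    impersonates.add(name)
                elif SequenceMatcher(None, tok, name).ratio() >= threshold:
                    lookalikes.add((tok, name))
    findings = {
        "host": host,
        "official_store": official,
        "direct_apk": parts.path.lower().endswith(".apk"),
        "plain_http": parts.scheme == "http",
        "impersonates": sorted(impersonates),
        "lookalikes": sorted(lookalikes),
    }
    if official:
        findings["risk"] = "low"
    elif findings["direct_apk"] or impersonates or lookalikes:
        findings["risk"] = "high"
    else:
        findings["risk"] = "medium"
    return findings
```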
While abusing QR codes is nothing new, using the postal service to deliver them is a novel method to adopt, and one that some targets will likely fall for. This campaign is a testament to the fact that malware can arrive from the most unlikely places. Cybercriminals tend to adopt extremely creative methods to get what they want, so it is essential to stay aware of such incidents.