Malware being delivered by mail, warns Swiss cyber agency

Switzerland’s Federal Office for Cybersecurity (OFCS) issued a warning on Wednesday about “fake letters” from the country’s meteorological agency being used to spread malware.

The postal letters, dated 12 November, claim to offer people in the country a new weather app developed by the agency, MeteoSwiss, but they contain a QR code that redirects people to a malicious application developed by fraudsters.

According to OFCS, “by scanning the QR code in the letter, the phone user downloads malware known as ‘Coper’ and ‘Octo2’. When installing the fake app, the program attempts to steal sensitive data such as login details for more than 383 mobile apps, including e-banking apps.”

The use of real-world lures to infect people with malware is unusual due to the additional overheads that physical operations involve compared to online hacking.

While the use of the postal service to deliver commodity malware is rare, it is not unheard of. Microsoft previously confirmed that criminals have posted counterfeit packages designed to appear like its Office products in order to defraud people.

QR codes have been used in online phishing campaigns, and fraudulent codes have been used in the real world, for instance pasted over legitimate ones on parking ticket machines in the United Kingdom to redirect drivers to fraudulent websites.

The OFCS did not reveal how many individuals are believed to have been impacted by the fraudulent letters. It said the fake app imperfectly mimicked the real “Alertswiss” app developed by the country’s Office for Civil Protection.

Only Android phones were affected. Individuals who have installed the fake app were encouraged to factory reset their devices.

“Have you received such a letter? Please do not hesitate to send it to us electronically using our reporting form. In this way, you will help the OFCS to take appropriate measures. Then destroy the letter. We have already started to implement protective measures,” stated the agency.


Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 
