Just when you thought you heard it all about hackers stealing passwords, something like this comes up. Hackers have been observed using snail mail, sent from a seemingly reputable source and then pushing recipients to download an app, to try and steal sensitive information.
As reported by The Register, victims received a letter from the “Federal Office of Meteorology and Climatology in Switzerland,” and inside was a physical piece of paper, pressuring them to use the QR code to download an app called “Severe Weather Warning App” for Android. However, once they scan the QR code, it takes them to a third-party site instead of the official Google Play Store. Switzerland’s National Cyber Security Centre (NCSC) has already warned about the almost identical-looking app that contains the malware Coper, also known as Octo2.
The Coper trojan horse is dangerous because it intercepts two-factor authentication texts and push notifications. It also attacks banking apps on your Android device, stealing data such as credentials and other information needed to log into your account. It can also respond to instructions from command-and-control servers and aims to gather lots of permission to get away with its evil deeds.
There are clear, but subtle differences between legitimate and fake apps. For example, the genuine app says “Alertswiss,” while the fake one says “AlertSwiss.” The difference is in the capital S. You might also notice some differences with the app logo, plus think about it: sending physical mail is not free, so this new method only makes you think about hackers’ success.
“It is the first time the NCSC sees malware delivery through this method,” the agency told The Register. “The letters look official with the correct logo of the Federal Office for Meteorology and thus trustworthy. In addition, the fraudsters build up pressure in the letter to tempt people into rash actions.”
QR code scams have been around for a while, but this is the first time we’ve heard about it being sent via physical mail.
While it’s definitely not good news, there’s a small silver lining to the situation since the attacks have only been caught happening in Switzerland so far — and are limited to Android users. Yet, all QR codes are not bad since they have improved and changed how we donate money and view the restaurant menu. But you definitely want to be careful about the source of the code before scanning and following its instructions.
