- Build a strong data foundation for AI-driven business growth
- New AI-Driven Semantic Search and Summarization
- The best Black Friday soundbar and speaker deals: Save on Bose, Sonos, Beats, and more
- This is the only indoor security camera you'll ever need - and it's only $50 now
- This Samsung phone is the model I recommend to most people (and it's $175 off right now)
Swiss Cyber Agency Warns of QR Code Malware in Mail Scam
A new malware campaign targeting Swiss residents through fake postal letters has been uncovered by the country’s National Cyber Security Centre (NCSC).
The scam involves fraudulent correspondence disguised as official communication from MeteoSwiss, the Federal Office of Meteorology and Climatology, urging recipients to scan a QR code and download a malicious weather app for Android devices.
The fake app, called “Severe Weather Warning App,” mimics the legitimate Alertswiss app but is labeled “AlertSwiss” with a slightly altered logo. Unlike the authentic app, which is available on the Google Play Store, the fraudulent version is hosted on an unverified third-party website.
Once installed, the app deploys a Coper Trojan variant to steal sensitive data, including banking credentials, and intercepts two-factor authentication (2FA) codes.
The Coper malware is particularly dangerous as it can log keystrokes, communicate with command-and-control (C2) servers and display phishing screens to gather additional information. It reportedly has access to over 383 smartphone applications, significantly expanding its threat.
Red Flags to Watch For
The Swiss NCSC described this as the first instance of malware being delivered through physical mail in Switzerland, with the letters appearing highly credible due to their use of official logos and urgent language. They warned individuals to look out for several warning signs, including:
-
Misspelled or altered app names (e.g., “AlertSwiss” instead of “Alertswiss”)
-
Apps hosted on third-party sites rather than official app stores
-
Requests to scan QR codes in unsolicited mail
“As a relatively new attack vector, QR code scams don’t have the kind of ingrained suspicion that we’ve come to expect from other phishing techniques,” said Mike Britton, CIO at Abnormal Security.
“Just as we’ve seen in the UK with a recent winter fuel payments scam, attackers are seeing success in imitating trusted sources in a timely manner. Unlike on the web where you can use automated solutions to catch phishing attempts, these attacks will be solely down to the individual to catch out.”
Additionally, unlike email-based attacks, mailing physical letters incurs higher costs, suggesting the campaign may be aimed at high-value targets.
Swiss residents are urged to destroy these letters and avoid scanning any QR codes they contain. If the malware has already been installed, the NCSC advises resetting devices to factory settings.
