Swiss Cyber Agency Warns of QR Code Malware in Mail Scam
A new malware campaign targeting Swiss residents through fake postal letters has been uncovered by the country’s National Cyber Security Centre (NCSC).
The scam involves fraudulent correspondence disguised as official communication from MeteoSwiss, the Federal Office of Meteorology and Climatology, urging recipients to scan a QR code and download a malicious weather app for Android devices.
The fake app, called “Severe Weather Warning App,” mimics the legitimate Alertswiss app but is labeled “AlertSwiss” with a slightly altered logo. Unlike the authentic app, which is available on the Google Play Store, the fraudulent version is hosted on an unverified third-party website.
Once installed, the app deploys a Coper Trojan variant that steals sensitive data, including banking credentials, and intercepts two-factor authentication (2FA) codes.
The Coper malware is particularly dangerous as it can log keystrokes, communicate with command-and-control (C2) servers and display phishing screens to gather additional information. It reportedly has access to over 383 smartphone applications, significantly expanding its threat.
Red Flags to Watch For
The Swiss NCSC described this as the first instance of malware being delivered through physical mail in Switzerland, with the letters appearing highly credible due to their use of official logos and urgent language. They warned individuals to look out for several warning signs, including:
- Misspelled or altered app names (e.g., “AlertSwiss” instead of “Alertswiss”)
- Apps hosted on third-party sites rather than official app stores
- Requests to scan QR codes in unsolicited mail
“As a relatively new attack vector, QR code scams don’t have the kind of ingrained suspicion that we’ve come to expect from other phishing techniques,” said Mike Britton, CIO at Abnormal Security.
“Just as we’ve seen in the UK with a recent winter fuel payments scam, attackers are seeing success in imitating trusted sources in a timely manner. Unlike on the web where you can use automated solutions to catch phishing attempts, these attacks will be solely down to the individual to catch out.”
Additionally, unlike email-based attacks, mailing physical letters incurs higher costs, suggesting the campaign may be aimed at high-value targets.
Swiss residents are urged to destroy these letters and avoid scanning any QR codes they contain. If the malware has already been installed, the NCSC advises resetting devices to factory settings.