Just when you thought you heard it all about hackers stealing passwords, something like this comes up. Hackers have been observed using snail mail, sent from a seemingly reputable source and then pushing recipients to download an app, to try and steal sensitive information.
As reported by The Register, victims received a letter from the “Federal Office of Meteorology and Climatology in Switzerland,” and inside was a physical piece of paper, pressuring them to use the QR code to download an app called “Severe Weather Warning App” for Android. However, once they scan the QR code, it takes them to a third-party site instead of the official Google Play Store. Switzerland’s National Cyber Security Centre (NCSC) has already warned about the almost identical-looking app that contains the malware Coper, also known as Octo2.
The Coper trojan horse is dangerous because it intercepts two-factor authentication texts and push notifications. It also attacks banking apps on your Android device, stealing data such as credentials and other information needed to log into your account. It can also respond to instructions from command-and-control servers and aims to gather lots of permission to get away with its evil deeds.
There are clear, but subtle differences between legitimate and fake apps. For example, the genuine app says “Alertswiss,” while the fake one says “AlertSwiss.” The difference is in the capital S. You might also notice some differences with the app logo, plus think about it: sending physical mail is not free, so this new method only makes you think about hackers’ success.
“It is the first time the NCSC sees malware delivery through this method,” the agency told The Register. “The letters look official with the correct logo of the Federal Office for Meteorology and thus trustworthy. In addition, the fraudsters build up pressure in the letter to tempt people into rash actions.”
QR code scams have been around for a while, but this is the first time we’ve heard about it being sent via physical mail.
While it’s definitely not good news, there’s a small silver lining to the situation since the attacks have only been caught happening in Switzerland so far — and are limited to Android users. Yet, all QR codes are not bad since they have improved and changed how we donate money and view the restaurant menu. But you definitely want to be careful about the source of the code before scanning and following its instructions.
Related Posts
Acer reveals Veriton compact PC to tackle the Mac mini with AMD Ryzen and plenty of AI mojo
Acer is making a direct play in that space with the Veriton RA110 AI Mini Workstation, a compact desktop that runs on AMD's Ryzen AI Max+ 395 processor, aimed at the same desk-bound professional who wants power without the tower.
Acer’s Swift Air 14 is a peppy MacBook Neo rival with some cool upgrades and a $699 ask
At a time when even mainstream laptops are creeping toward four-figure price tags, Acer’s latest machine feels refreshingly straightforward. It’s aimed at students, remote workers, and anyone who wants a laptop that looks and feels expensive without draining their bank account. The Swift Air 14 is powered by Intel’s new Core Series 3 processors and delivers up to 19 hours of battery life. That’s the sort of endurance that could realistically get many users through a full workday and beyond without scrambling for a charger.
Google Drive can now batch-scan your documents and spare you a few other frustrations, too
Well, Google Drive's new document scanner redesign fixes all three problems at once. Announced by Sameer Samat, the President of Android Ecosystem at Google, the feature is now rolling out for Android users.