### #CyberSecurity #MalwareAlert #Switzerland
Summary: Switzerland’s National Cyber Security Centre (NCSC) has warned citizens about a new malware campaign using fake letters from the Federal Office of Meteorology, urging them to download a malicious app. The app, disguised as a legitimate weather application, contains the Coper trojan, which can steal sensitive information and access banking credentials.
Threat Actor: Unknown | unknown
Victim: Swiss Citizens | Swiss Citizens
Key Point :
- Malware is being distributed through cleverly crafted letters that appear official.
- The fake app mimics the legitimate Alertswiss weather app but is hosted on a third-party site.
- The Coper trojan can log keystrokes, intercept SMS for two-factor authentication, and steal banking credentials.
- This is the first instance of malware delivery via postal service noted by the NCSC.
- The targeted nature of the campaign suggests a high-cost, low-volume approach to reach specific individuals.
Switzerland’s National Cyber Security Centre (NCSC) has issued an alert about malware being spread via the country’s postal service.
Citizens have been getting cunningly crafted letters faked to look like they have been sent from the nation’s Federal Office of Meteorology and Climatology. They tell recipients to scan a QR code and download a “Severe Weather Warning App” for Android, which mimics the genuine Alertswiss weather app, but is spelled “AlertSwiss” in the bogus version and has a slightly different logo than the government build.
The app, hosted on a third-party site and not the official Google Play Store, contains a variant of the Coper trojan, first discovered in July 2021. Coper specializes in keylogging, intercepting two-factor authentication SMSes and push notifications, and going after banking apps installed on a device – stealing stored credentials and other data – thus allowing it to gather up all the info needed for its operators to log into people’s bank accounts and plunder them. It can also display phishing screens, it responds to instructions from command-and-control servers, and it asks for a load of permissions to get away with its skulduggery.
“It is the first time the NCSC sees malware delivery through this method,” the agency told The Register. “The letters look official with the correct logo of the Federal Office for Meteorology and thus trustworthy. In addition, the fraudsters build up pressure in the letter to tempt people into rash actions.”
The agency told us that there’s no telling how many people got the letters because Switzerland does not have a universal reporting requirement for incidents like this. The NCSC told us it had, however, heard from over a dozen people. This low number makes sense when you think about it.
Sending this type of letter in Switzerland typically costs about $1.35 per piece, suggesting the scammers likely used it in a highly targeted manner for spear-phishing specific individuals. While email has allowed malware operators to reach millions at almost zero cost, doing it by mail changes the financial equation.
Of course, abusing QR codes is nothing new – we’ve been reporting on that since the early 2010s. Microsoft just the other week reported more than 15,000 messages with malicious QR codes targeting the education sector had been sent every day over the past year.
But posting them is a first for us. While it seems highly inefficient, if a high-value target falls for it, the proceeds may be worth it. After all, there’s a lot of wealth in Switzerland. ®
Source: https://www.theregister.com/2024/11/16/swiss_malware_qr