Malicious Android app masquerades as Swiss weather service, delivered via snail mail

A factory reset is recommended for infected devices

by TechSpot


Facepalm: Traditional mail services have largely been replaced by email and other forms of digital communication. However, physical letters still find their way to rusty, unsupervised, and often forgotten mailboxes. Alarmingly, cybercriminals are now exploiting traditional mail, attempting to trick recipients into installing malicious apps on their phones.

According to a recent alert from the Swiss National Cyber Security Centre (NCSC), unknown threat actors are distributing fake letters to spread a malicious Android app. The letters claim to be from the Federal Office of Meteorology and Climatology (MeteoSwiss), a legitimate organization that operates 88 weather stations across Switzerland.

The fraudulent letters urge recipients to download and install a new "Severe Weather Warning" app on their Android devices, conveniently providing a QR code for quick installation. However, the QR code links to a malicious app known as "Coper" or "Octo2." To deceive users, the app disguises itself with an icon resembling the legitimate AlertSwiss app, masking its true intent.

The legitimate AlertSwiss service is used by federal and cantonal agencies to provide weather information to Swiss citizens. However, the NCSC warns that once the fake app is installed, the embedded malware attempts to steal sensitive personal data from 383 different apps. E-banking tools are reportedly among the malware's primary targets.

The NCSC is urging recipients of the fake letter to report the incident using the agency's official online form. The letter should then be securely destroyed. Meanwhile, initial digital countermeasures against the threat are already in place, according to the NCSC. The agency plans to use user reports to strengthen its efforts to combat the campaign.

The Coper/Octo2 malware appears to be more sophisticated than a typical cybercrime campaign. The Swiss cyber-security agency advises users who have already downloaded and installed the app to perform a factory reset on their smartphones. It's unclear whether this recommendation stems from extreme caution, a necessary step to fully remove the malware, or simply an overly strict (and admittedly inconvenient) security measure.

The NCSC is also offering practical advice to Swiss users, emphasizing the importance of not succumbing to pressure from unsolicited communications. The agency recommends downloading mobile apps exclusively from official app stores on both iOS and Android devices. Additionally, it's worth noting that scanning suspicious QR codes from unsolicited letters is never a wise decision in any situation.
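A practical way to act on the "official app stores only" advice is to check which apps on an Android device were installed by something other than the Play Store. The script below is an added example, not code from the article or from the NCSC: it filters the output of Android's `pm list packages -i` (which records each package's installer) and lists packages whose installer is not `com.android.vending`, the Play Store. It assumes `adb` access to the device for real use; the embedded sample output and every package name in it are constructed placeholders, not real apps.

```shell
#!/bin/sh
# Added example: list Android packages not installed by the Play Store.
# Real use (assumes adb access):  adb shell pm list packages -i | sh sideload_check.sh
# The input format is that of `pm list packages -i`:
#   package:<name>  installer=<installer package or null>

# Constructed sample of `pm list packages -i` output; names are placeholders.
SAMPLE_PM_OUTPUT='package:com.example.browser  installer=com.android.vending
package:com.example.weather  installer=com.android.vending
package:com.example.weatherwarning  installer=null
package:com.example.update  installer=com.android.packageinstaller'

find_sideloaded() {
    # Reads pm output on stdin; prints "<package> installer=<installer>" for
    # every package whose installer is not com.android.vending (Play Store).
    # Preinstalled system apps also show installer=null, so treat the result
    # as a review list for an analyst, not as a verdict of infection.
    awk '
      /^package:/ {
        pkg = $1
        sub(/^package:/, "", pkg)
        inst = "null"
        for (i = 2; i <= NF; i++) {
          if ($i ~ /^installer=/) { inst = substr($i, 11) }
        }
        if (inst != "com.android.vending") print pkg " installer=" inst
      }'
}

# Stand-alone run against the constructed sample when no input is piped in.
if [ -t 0 ]; then
    printf '%s\n' "$SAMPLE_PM_OUTPUT" | find_sideloaded
else
    find_sideloaded
fi
```

On the sample above, the two Play Store installs are dropped and the package with `installer=null` (typical of a sideloaded APK reached through a QR code link) and the one installed by the manual package installer are listed for review.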