Officials warn of new hacking scheme involving QR codes and your physical mailbox

Scammers are always looking for new ways to take advantage of unsuspecting people, and according to Switzerland's National Cyber Security Center (NCSC) there is a rise in a new method of scamming, and it involves the use of QR codes and the traditional postage system.

2

In a new statement issued by the National Cyber Security Center, hackers are attempting a new scheme to get malware into as many devices as possible, and it involves sending fake letters, such as the one above, to residents that request they download a "Severe Weather Warning App" for Android via the provided QR code. The letters were faked to look like letters sent from the nation's Federal Office of Meteorology and Climatology, and the app the scammers requested residents to download was designed to mimic the official Alertswiss weather app by using a similar name "AlertSwiss," and a slightly different logo.

The fraudulent app took users that scanned it to a third-party site and not the official Google Play Store, which, for those unfamiliar with the rules of the road when downloading apps - the general rule of thumb is don't download any application onto your device that isn't from the official app marketplaces. The scamming app contained a version of the Copper trojan, malware designed specifically for keylogging purposes, gathering two-factor authentication information, tracking notifications and SMSs, and stealing stored user credentials from other applications.

Swiss authorities are unaware how many residents received these letters containing the fraudulent QR code, but they did inform The Register they had heard form more than a dozen people who received letters.