In what I can only describe as a first in my decades of real-world experience covering cyber attacks of all shapes and sizes, cyber criminals have turned to decidedly old technology to distribute malware, according to a new warning from the Swiss National Cyber Security Centre: snail mail. Yes, you read that right. It appears that good old-fashioned paper letters, posted in envelopes with stamps on them, are being used as the starting point in a bunch of new phishing cyber attacks. Here’s what we know.
Hackers Are Using Printed QR Codes Sent By Snail Mail In Latest Swiss Cyber Attacks
As first reported by The Register, the Swiss National Cyber Security Centre has issued a warning to citizens of Switzerland after cyber attacks employing the physical postal service were uncovered. The letters, posted using what we used to call snail mail in the early days of email, purport to have been sent by MeteoSwiss, the Swiss Federal Office of Meteorology and Climatology. The letters are, of course, fake. However, the QR code printed on them, along with so-called advice to download a severe weather warning app, is very real indeed. As is the threat posed to anyone who should do so.
The app itself is designed to look similar to the genuine Alertswiss app that comes from the Swiss Federal Office for Civil Protection. However, rather than alert the user to danger, the app is the danger in and of itself. The QR code, if scanned using the recipient’s smartphone, will download malware by the name of Coper, also known as Octo2. Once installed, this will attempt to steal sensitive data from apps already loaded on the device, including banking apps, the Swiss NCSC said.
Snail Mail Cyber Attacks Only Target Android Users
The good news is that these cyber attacks are only targeting people and businesses within Switzerland. The better news, for Swiss iPhone users at least, is that they are also only targeting Android smartphone users.
The Swiss NCSC advised that anyone who has received such a letter and already downloaded the app should reset their device to factory settings to remove all trace of it.
I can only assume that, if these cyber attacks have been successful enough, other threat actors in other countries will try to repeat them. In which case, the advice to ignore such letters and only download apps from official app stores applies to everyone reading this.