- Swiss citizens warned about fake ‘Alertswiss app’
- Malicious app deploys a variant of the Coper trojan
- Keystrokes, 2FA codes and credentials are at risk
The Swiss National Cyber Security Centre (NCSC) is warning the public about a recent malware campaign targeting citizens via the country’s postal service.
Residents are reportedly receiving letters through the post from what they believe to be the Federal Office of Meteorology and Climatology, urging them to install a fraudulent weather app.
The letters include a QR code to facilitate the download of the Android-based ‘Severe Weather Warning App,’ which masquerades as the nation’s Alertswiss app.
Swiss citizens targeted by QR code malware
Using QR codes to spread malware isn’t new, but attack vectors can vary widely. When accessing online content, users should always watch for telltale signs that it is not legitimate.
In this case, the malicious app is labelled ‘AlertSwiss,’ whereas the genuine app is labelled ‘Alertswiss.’ It also has a slightly different icon. Furthermore, the app is distributed via a third-party website, rather than Google’s own Play Store, which is another key red flag.
Upon installation, the app deploys a Coper trojan variant that logs keystrokes, intercepts two-factor authentication messages and steals banking credentials by targeting apps installed on the victim’s device. According to the public warning, it has access to more than 383 smartphone apps.
The app also communicates with command-and-control servers, and can present phishing screens to obtain sensitive information from the victims.
The NCSC said that this was the first time that malware had been delivered through physical mail in the country: “The letters look official with the correct logo of the Federal Office for Meteorology and thus trustworthy.”
Citizens targeted by the letter are being urged to report it to the NCSC. Those who have already downloaded the app should reset their phones to factory settings.
Via The Register