【Oh Mi】-Expressing Aspiration Information Network
Latest News:
Operation Mensch Zoom hackers are spoofing HR meeting invites to steal user login info Apple Music is now available on Samsung TVs How I manage a business with depression and anxiety How to Settle Down with Dystopia 15 Star Wars quotes to live by Airbnb introduces new cleaning standards and 24 Tesla cars with updated Autopilot will now stop at traffic lights Virtual Reality: The True Cost of Admission (and Why It Doesn't Matter) 'Parks and Recreation' announces socially distanced reunion special
Current Location: Home > Tech > 【Oh Mi】

【Oh Mi】

2025-06-26 07:20:07 [Science] Source: Expressing Aspiration Information Network

We've warned you about QR code scamsbefore. Now,Oh Mi we're warning you about a new QR code scam – one that may show up in your physical mailbox.

The National Cyber Security Centre (NCSC) in Switzerland has issueda new alert based on a new scheme from hackers and scammers that weaponizes the postal service. The scam involves a physical piece of mail arriving at a target's door, urging them to download an app. 

The app, which can be downloaded via a QR code displayed on the mailer, is actually malware disguised as a legitimate app that can steal data from the user's device.

You May Also Like

A new type of QR code scam

The hackers and scammers behind this fraudulent scheme imitate Switzerland's Federal Office of Meteorology and Climatology, right down to the official governmental seals on the mailed document. The mailer urges recipients to scan the QR code in order to download a "Severe Weather Warning App" for Android devices. 

When the QR code is scanned, users aren't taken to the official Google Play store, but instead a third-party site. Once there, they are asked to download an "AlertSwiss" app.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

As first reported on by The Register,there are some obvious discrepancies between the hacker's app and the real one that it copies. There is a genuine government app with the same name, but it's called "Alertswiss," without the capitalized "S." In addition, while the fake app attempts to mimic the app logo, it isn't exactly the same.

The fake app, when downloaded, installs a "variant of the Coper trojan" malware on the target's device. This malware can log the user's activity on the device, stealing passwords, messages, notifications, as well as other sensitive information. In addition, phishing pages can be automatically displayed on the infected device as well.

NCSC told The Register that this was the first time it had ever come across malware being delivered via physical mail in this way. 

Unlike email, there is a cost associated with sending each piece of physical mail, so this attack method must be delivering some level of success to the scammers behind it.

If bad actors aren't already looking at replicating this campaign outside of Switzerland yet, this warning should serve as an important notice to be on the look out for QR code scams being sent to your physical address in the not-so-distant future.

Topics Cybersecurity

(Editor: {typename type="name"/})

Related Articles
Recommended
Hot Reads
Random

友情链接

接受PR>=1、BR>=1,流量相当,内容相关类链接。