Hackers were caught hiding password-stealing tricks in people’s physical mail

By Judy Sanhz Published November 19, 2024 1:06 PM

QR Code scam alert. — Digital Trends

Just when you thought you heard it all about hackers stealing passwords, something like this comes up. Hackers have been observed using snail mail, sent from a seemingly reputable source and then pushing recipients to download an app, to try and steal sensitive information.

As reported by The Register, victims received a letter from the “Federal Office of Meteorology and Climatology in Switzerland,” and inside was a physical piece of paper, pressuring them to use the QR code to download an app called “Severe Weather Warning App” for Android. However, once they scan the QR code, it takes them to a third-party site instead of the official Google Play Store. Switzerland’s National Cyber Security Centre (NCSC) has already warned about the almost identical-looking app that contains the malware Coper, also known as Octo2.

Recommended Videos

The Coper trojan horse is dangerous because it intercepts two-factor authentication texts and push notifications. It also attacks banking apps on your Android device, stealing data such as credentials and other information needed to log into your account. It can also respond to instructions from command-and-control servers and aims to gather lots of permission to get away with its evil deeds.

There are clear, but subtle differences between legitimate and fake apps. For example, the genuine app says “Alertswiss,” while the fake one says “AlertSwiss.” The difference is in the capital S. You might also notice some differences with the app logo, plus think about it: sending physical mail is not free, so this new method only makes you think about hackers’ success.

“It is the first time the NCSC sees malware delivery through this method,” the agency told The Register. “The letters look official with the correct logo of the Federal Office for Meteorology and thus trustworthy. In addition, the fraudsters build up pressure in the letter to tempt people into rash actions.”

QR code scams have been around for a while, but this is the first time we’ve heard about it being sent via physical mail.

While it’s definitely not good news, there’s a small silver lining to the situation since the attacks have only been caught happening in Switzerland so far — and are limited to Android users. Yet, all QR codes are not bad since they have improved and changed how we donate money and view the restaurant menu. But you definitely want to be careful about the source of the code before scanning and following its instructions.

Topics

Computing Writer

Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.

Computing

Hackers are using a devious new trick to infect your devices

A person using a laptop with a set of code seen on the display.

Hackers have long used lookalike domain names to trick people into visiting malicious websites, but now the threat posed by this tactic could be about to ramp up significantly. That’s because two new domain name extensions have been approved which could lead to an epidemic of phishing attempts.

The two new top-level domains (TLDs) that are causing such consternation are the .zip and .mov extensions. They’ve just been introduced by Google alongside the .dad, .esq, .prof, .phd, .nexus, .foo names.

Computing

This major Apple bug could let hackers steal your photos and wipe your device

A physical lock placed on a keyboard to represent a locked keyboard.

Apple’s macOS and iOS are often considered to be more secure than their rivals, but that doesn’t make them invulnerable. One security team recently proved that by showing how hackers could exploit Apple’s systems to access your messages, location data, and photos -- and even wipe your device entirely.

The discoveries were published on the blog of security research firm Trellix, and will be of major concern to iOS and macOS users alike, since the vulnerabilities can be exploited on both operating systems. Trellix explains that Apple patched the exploits in macOS 13.2 and iOS 16.3, which were released in January 2023, so you should update your devices as soon as you can.

Computing

Hackers sink to new low by stealing Discord accounts in ransomware attacks

a faceless hacker in a black hoodie in front of a computer screen with lines of code on it.

As if ransomware wasn’t terrifying enough already, hackers are now trying to hold your Discord account hostage, as well as your files. Thankfully, you can grab your Discord back if you act quickly enough.
This new ransomware campaign was recently discovered by leading cybersecurity firm Cyble, and it’s a particularly nasty one. A wave of similar attacks is emerging, including AXLocker, Octocrypt, and Alice. Ransomware encrypts files on the infected computer before demanding that you pay to decrypt your files to regain access.

Something uniquely cruel about AXLocker is that it also copies your Discord token and sends it to the hacker's server, giving them an opportunity to access and steal your Discord account. The malware is sneaky and leaves file names and extensions intact as it encrypts files so you might not notice anything is wrong until you see the ransom note.