{"id":57686,"date":"2024-11-16T07:07:05","date_gmt":"2024-11-16T07:07:05","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/swiss-cheesed-off-as-postal-service-used-to-spread-malware\/"},"modified":"2024-11-16T07:07:05","modified_gmt":"2024-11-16T07:07:05","slug":"swiss-cheesed-off-as-postal-service-used-to-spread-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/swiss-cheesed-off-as-postal-service-used-to-spread-malware\/","title":{"rendered":"Swiss cheesed off as postal service used to spread malware"},"content":{"rendered":"

Switzerland’s National Cyber Security Centre (NCSC) has issued an alert about malware being spread via the country’s postal service.<\/p>\n

Citizens have been getting cunningly crafted<\/a> letters faked to look like they have been sent from the nation’s Federal Office of Meteorology and Climatology. They tell recipients to scan a QR code and download a “Severe Weather Warning App” for Android, which mimics the genuine Alertswiss weather app, but is spelled “AlertSwiss” in the bogus version and has a slightly different logo than the government build.<\/p>\n

The app, hosted on a third-party site and not the official Google Play Store, contains a variant of the Coper trojan<\/a>, first discovered in July 2021. Coper specializes in keylogging, intercepting two-factor authentication SMSes and push notifications, and going after banking apps installed on a device \u2013 stealing stored credentials and other data \u2013 thus allowing it to gather up all the info needed for its operators to log into people’s bank accounts and plunder them. It can also display phishing screens, it responds to instructions from command-and-control servers, and it asks for a load of permissions to get away with its skulduggery.<\/p>\n