Hackers now sending physical malicious letters, Swiss authorities warn | Cybernews
© 2024 Cybernews - Latest Cybersecurity and Tech News, Research, Analysis

Is there anything threat actors won't do to gain initial access? Swiss authorities are warning about a new sophisticated cybersecurity threat: malicious counterfeit letters.

Cyber bandits have launched a malicious campaign across Switzerland using counterfeit letters that appear to be from MeteoSwiss, the Federal Office of Meteorology and Climatology.

The victims report that the letters contain a QR code asking recipients to download a new "Severe Weather Warning App."

The fraudulent letter pressures recipients by claiming that the app is mandatory and essential for family safety. It instructs users to scan the included QR code with a smartphone and follow the subsequent instructions to download and install the app.

"In light of the increasing frequency and intensity of severe weather events in Switzerland, we, the Federal Office of Meteorology and Climatology, want to ensure your safety and that of your family," the fake letter claims.

The Swiss National Cyber Security Centre (NCSC) warns that fraudsters are using this method to load malware onto mobile devices. The malicious app attempts to mimic the real Alertswiss app from the Federal Office for Civil Protection, which agencies use to inform, warn, and alert the population.

"There is no such federal app with the name mentioned. Rather, the QR code shown in the letter leads to the download of malware called 'Coper' (also known as 'Octo2')," the NCSC's alert reads.

Octo2 malware is a credential-stealing Android banking trojan actively spreading in Italy, Poland, Moldova, Hungary, and other countries.

When the supposed "Severe Weather Warning App" is installed, the malware attempts to access login data from over 383 smartphone apps, including e-banking apps, and exfiltrate it to an attacker-controlled server.

The app used in this campaign has traits such as the spelling "AlertSwiss" instead of "Alertswiss" in the name; the app icon also differs significantly from the genuine app. The logo is rectangular in a white circle, while the genuine app has a round logo.

However, malicious apps can take many forms. Previously, hackers disguised Octo2 malware as Google Chrome, NordVPN, and Enterprise Europe Network apps.

"Based on our current detection, no apps containing this malware are found on Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play," a Google spokesperson said.

Swiss authorities recommend users ignore the letter and throw it away. Initial countermeasures have already been taken against the scammers.

"Do not let yourself be put under pressure. Only download apps from the official app stores (App Store, Google Play Store). If you have already installed the app, reset the smartphone to the factory settings," the NCSC said.

Updated on November 18th, 08:00 am GMT, with a statement from Google.