Caution: Fake letters on behalf of MeteoSwiss – Instead of a ‘Severe Weather Warning App’, malware is downloaded

14.11.2024 - Physical letters with MeteoSwiss as the sender are currently being sent out. The letters ask the recipients to download a new ‘Severe Weather Warning App’ via a QR code. However, malware is downloaded to the smartphone instead. On the smartphone's home screen, the malware looks similar to the Alertswiss app from the Federal Office for Civil Protection.

The National Cyber Security Centre, the Federal Office of Meteorology and Climatology MeteoSwiss and the Federal Office for Civil Protection (FOCP) are currently receiving reports of suspicious physical letters purportedly sent by the Federal Office of Meteorology and Climatology. These letters are fake and have been sent by fraudsters who are trying to load malware onto mobile phones.

The letter asks the recipients to install a new severe weather app. However, there is no such federal app with the name mentioned. Rather, the QR code shown in the letter leads to the download of malware called ‘Coper’ (also known as ‘Octo2’). When the supposed ‘Severe Weather Warning App’ is installed, the malware attempts to steal sensitive data such as access data from over 383 smartphone apps, including e-banking apps.

The malware only affects smartphones that run on the Android operating system. As soon as the malware has been downloaded, it is displayed as the ‘AlertSwiss’ app on phones with the Android operating system. The spelling (‘AlertSwiss’ instead of ‘Alertswiss’) and, depending on the Android version, the app icon also differ significantly from the genuine app (rectangular logo in a white circle for the fake app, round logo for the genuine app). The real Alertswiss app from the Federal Office for Civil Protection is an app used by federal and cantonal agencies to inform, warn and alert the population.

If you have received such a letter, you can report it to the NCSC digitally using the reporting form. This helps to ensure that appropriate countermeasures are taken. You should then destroy the letter. Initial countermeasures have already been taken.

If you have already downloaded and installed the app, reset the affected smartphone (reset to factory settings).

Recommendations

  • Ignore the letter and throw it away.
  • Do not let yourself be put under pressure.
  • Only download apps from the official app stores (App Store, Google Play Store).
  • If you have already installed the app, reset the smartphone to the factory settings.
https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2024/2024-meteosuisse.html