False letters allegedly sent by the Federal Office of Meteorology and Climatology (MétéoSuisse) are currently circulating. They contain a QR code allowing you to download a new weather application to your phone. But instead, it’s malware that mail recipients install on their phones. A software whose home screen closely resembles that of the Alertswiss application of the Federal Office for Civil Protection (OFPP).
These fake letters are obviously the work of scammers. This new weather app doesn’t exist. By scanning the QR code, the phone user downloads malware known as “Coper” and “Octo2”. When installing this application, the program attempts to steal sensitive data such as access data to more than 383 mobile applications, including e-banking applications. In particular, it intercepts identification confirmation SMS messages.
Only Android phones are affected. On these devices, once the software is installed, we see an “AlertSwiss” application appear, whose name and logo recall the “Alertswiss” application published by the OFPP. If the spellings are similar, the logos, depending on the version of Android, are sometimes different: rectangular logo in a white circle for the fake application, round logo for the real one. The OFPP application is an information, alert and alarm transmission application used by the services of the Confederation and the cantons for the population.
If you have received such a letter, “do not hesitate to send it to us electronically using our notification form,” says the Federal Office for Cybersecurity (OFCS). Then destroy the letter. The Office says it has started deploying defensive measures. If you downloaded and installed the app, reset your phone to factory settings.
As the OFCS reminds us, only download apps from official platforms (App Store, Google Play) and not with QR codes.
This phenomenon has so far mainly been observed in German-speaking Switzerland, but it could affect French-speaking Switzerland, as the Vaud cantonal police say in the alert video below.
