Skip to main content
  1. Home
  2. Computing
  3. News

Hackers were caught hiding password-stealing tricks in people’s physical mail

Add as a preferred source on Google
QR Code scam alert.
Digital Trends

Just when you thought you heard it all about hackers stealing passwords, something like this comes up. Hackers have been observed using snail mail, sent from a seemingly reputable source and then pushing recipients to download an app, to try and steal sensitive information.

As reported by The Register, victims received a letter from the “Federal Office of Meteorology and Climatology in Switzerland,” and inside was a physical piece of paper, pressuring them  to use the QR code to download an app called “Severe Weather Warning App” for Android. However, once they scan the QR code, it takes them to a third-party site instead of the official Google Play Store. Switzerland’s National Cyber Security Centre (NCSC) has already warned about the almost identical-looking app that contains the malware Coper, also known as Octo2.

Recommended Videos

The Coper trojan horse is dangerous because it intercepts two-factor authentication texts and push notifications. It also attacks banking apps on your Android device, stealing data such as credentials and other information needed to log into your account. It can also respond to instructions from command-and-control servers and aims to gather lots of permission to get away with its evil deeds.

There are clear, but subtle differences between legitimate and fake apps. For example, the genuine app says “Alertswiss,” while the fake one says “AlertSwiss.” The difference is in the capital S. You might also notice some differences with the app logo, plus think about it: sending physical mail is not free, so this new method only makes you think about hackers’ success.

“It is the first time the NCSC sees malware delivery through this method,” the agency told The Register. “The letters look official with the correct logo of the Federal Office for Meteorology and thus trustworthy. In addition, the fraudsters build up pressure in the letter to tempt people into rash actions.”

QR code scams have been around for a while, but this is the first time we’ve heard about it being sent via physical mail.

While it’s definitely not good news, there’s a small silver lining to the situation since the attacks have only been caught happening in Switzerland so far — and are limited to Android users. Yet, all QR codes are not bad since they have improved and changed how we donate money and view the restaurant menu. But you definitely want to be careful about the source of the code before scanning and following its instructions.

Judy Sanhz
Computing Writer
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
How to install macOS 27 Golden Gate public beta on your Mac?
From a smarter Siri to a more reliable Spotlight, here's your full walkthrough for installing macOS 27 Golden Gate's public beta today.
macOS 27 Golden Gate

Along with iOS 27’s public beta, Apple has also released macOS 27 Golden Gate’s public beta build, so that early adopters can get their hands on the new features, including Siri AI, and provide timely feedback to help ensure a stable iOS launch in September. 

If you’re sold on all the new features but don’t want to put your faithful MacBook through developer beta duty, a public beta offers a much more refined experience. To install macOS 27’s public beta, follow the steps given below. 

Read more
Microsoft is finally fixing the worst thing about Windows Search, but you can’t try it just yet
Windows Insiders in the Experimental channel are getting a Search experience that finally feels less of a billboard and more of what users actually need.
Page, Text, Person

Windows Search has been a mess for years, and I do not use that word lightly. Open it to find a file, and you get trending Bing topics, Microsoft Store promotions, and an AI tools tile that just opens a browser. 

That is changing, but not immediately for all users. Microsoft is rolling out a batch of Windows Search improvements to Insiders in the Experimental channel, and for once, this isn't just a fresh coat of paint.

Read more
Apple doesn’t want to share this AirPods feature with Meta, but the EU may force its hand
Spring 2027, EU only, built under DMA pressure.
The front of the Ray-Ban Meta smartglasses.

I’ve been an AirPods user for the last four years, and one of the things that makes it genuinely hard to leave behind is the seamless, almost magical pairing experience across devices. Open an AirPods case near your iPhone, and a pop-up appears within seconds. Switch to your Mac and the audio follows. 

However, the experience is limited only to Apple devices. Doesn’t matter whether you have one of the coolest pieces of tech on the market right now; if it’s not Apple, it won’t get the same treatment. However, that might change for the Meta Quest or the Ray-Ban Meta glasses, thanks to pressure from the EU. 

Read more