Hackers Go Retro: The Surprising Rise of Snail Mail in Cyber Attacks

In an unexpected throwback, cybercriminals are now using one of the oldest communication methods—snail mail—to launch sophisticated phishing attacks. The Swiss National Cyber Security Centre (NCSC) has issued a stark warning: malicious QR codes are being sent via traditional postal letters, turning the trusty envelope into a potential cybersecurity threat. Here’s everything you need to know about this novel attack vector.


11/20/2024

The Old-Fashioned Cyber Threat

As first reported by The Register, cybercriminals in Switzerland have adopted an unconventional approach, leveraging physical letters to distribute malware. These letters, masquerading as official correspondence from MeteoSwiss, the Swiss Federal Office of Meteorology and Climatology, contain QR codes encouraging recipients to download what appears to be a severe weather alert app. However, scanning the QR code doesn’t prepare you for storms—it brings the storm straight to your device.

The Danger Behind the QR Code

The app linked to the QR code is a counterfeit version of the genuine Alertswiss app, which is used for civil protection alerts. Instead of safeguarding the user, this fake app, once installed, downloads malware known as Coper (or Octo2).

Coper targets sensitive information on Android devices, particularly data from banking and other high-value apps. According to the Swiss NCSC, victims who install this malware risk severe data breaches, including financial loss.

Why Snail Mail?

This attack taps into an area of low vigilance: physical correspondence. While digital phishing emails or messages often trigger suspicion, traditional letters don’t have the same psychological association with scams.

“Delivering QR code letters via Switzerland’s postal service is an effective way for criminals to catch unsuspecting victims,” said Mike Britton, Chief Information Officer at Abnormal Security. “By pretending to be a trusted source, threat actors are banking on the lack of caution recipients may have.”

A New Era of QR Code Exploits

As QR codes become more integrated into daily life (used for everything from menus to payments), this attack highlights a significant blind spot. Digital phishing attempts can be caught by automated tools, but defending against a QR code printed on a physical letter relies entirely on human vigilance.

Britton warns that these types of scams are likely to evolve, with attackers imitating trusted sources at opportune moments, as seen in the UK’s recent Winter Fuel Payment scam.

Limited Targets (For Now)

So far, the damage is localized. The attacks target Android users in Switzerland, leaving Swiss iPhone users and users in other countries unaffected. However, if these attacks prove successful, it’s likely that cybercriminals in other countries will adopt similar methods.

What Should You Do?

If you receive a suspicious letter with a QR code, follow these precautions:

1. Avoid Scanning Unfamiliar QR Codes: Only scan codes from verified, trusted sources.

2. Stick to Official App Stores: Download apps exclusively from Google Play or Apple’s App Store.

3. Reset Your Device: If you’ve accidentally downloaded a malicious app, reset your device to factory settings immediately.
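
The first two precautions can be applied mechanically to the text a QR scanner decodes, before anything is opened. The following is an added example, not code from the NCSC or the original article; the function name, verdict labels and sample URLs are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# The two official stores named in the precautions above.
OFFICIAL_STORE_HOSTS = {"play.google.com", "apps.apple.com"}
APK_SUFFIXES = (".apk", ".apks", ".xapk")  # Android package files (sideloading)

def vet_qr_payload(payload):
    """Classify decoded QR text. Returns (verdict, reason);
    verdict is 'block', 'review' or 'store' (labels are this example's own)."""
    try:
        parts = urlsplit(payload.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return ("block", "malformed URL")
    if parts.scheme != "https":
        return ("block", "not an HTTPS link")
    if parts.username is not None or parts.password is not None:
        # https://trusted-name@real-host/ : the text before '@' is not the host
        return ("block", "userinfo in URL disguises the real host")
    host = (parts.hostname or "").rstrip(".")
    if not host or port not in (None, 443):
        return ("block", "missing host or unusual port")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("block", "internationalised host, possible lookalike")
    if parts.path.lower().endswith(APK_SUFFIXES):
        return ("block", "direct Android package download")
    if host not in OFFICIAL_STORE_HOSTS:
        return ("review", "not an official store; search the store for the app instead")
    if host == "play.google.com" and (
        parts.path != "/store/apps/details" or "id" not in parse_qs(parts.query)
    ):
        return ("review", "Google Play host but not an app listing page")
    return ("store", "official store link; still check the publisher name")

# Constructed sample payloads (reserved example domains, not real indicators).
SAMPLES = [
    "https://play.google.com/store/apps/details?id=com.example.app",
    "https://alerts.example.net/download/alert.apk",
    "https://play.google.com@downloads.example.org/app",
    "https://play.google.com.example.org/store/apps/details?id=x",
    "http://play.google.com/store/apps/details?id=com.example.app",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(vet_qr_payload(url), url)
```

A "store" verdict only confirms where the link points; the listing's publisher still has to match the organization the letter claims to come from.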

The Nostalgia Train of Cybercrime?

While this attack seems unique, it’s a timely reminder of how innovative and adaptive cybercriminals can be. Today, it’s snail mail. Tomorrow, could it be telegrams? "Dear victim, kindly scan this code to ruin your life, STOP."

Stay vigilant and remember that cybersecurity is about staying one step ahead—regardless of how old-school the threat may appear.