Malicious QR codes are being sent in the mail to deliver malware. A sophisticated cyberattack campaign has been discovered that uses physical letters to distribute malware via QR codes.
These letters are crafted to appear as official correspondence from the Swiss Federal Office of Meteorology and Climatology (MeteoSwiss), urging recipients to install a fake "severe weather app." However, the app does not exist, and the letters are fraudulent.
When scanned, the QR codes lead to the installation of a banking Trojan known as Coper (also referred to as Octo2). Coper operates as a Malware-as-a-Service (MaaS), allowing cybercriminals to rent the malware and its infrastructure to run their own campaigns.
These campaigns have been observed targeting regions including Europe, the United States, Canada, the Middle East, Singapore, and Australia.
Coper is particularly dangerous due to its advanced capabilities. It can take over devices remotely, evade detection through obfuscation techniques, and perform overlay attacks to steal credentials.
The malware is disguised under names like "AlertSwiss" to mimic legitimate apps such as "Alertswiss," which is used by Swiss authorities for public alerts. This subtle naming trick enhances the credibility of the scam.
The use of QR codes in physical mail provides attackers with several advantages. It exploits the trust people place in official-looking documents and the widespread use of QR codes, especially since the COVID-19 pandemic normalized their presence in everyday life.
Moreover, mobile devices, which are typically used to scan QR codes, often lack robust security software and may suffer from outdated operating systems or delayed security patches, making them more vulnerable to such attacks.
Source: https://www.malwarebytes.com/blog/news/2024/11/malicious-qr-codes-sent-in-the-mail-deliver-malware
Commentary
To be clear, the QR codes described above are delivered through the mail. Ironically, in the age of digital spam, junk mail is viewed as "trustworthy" by some.
To help employees stay safe from QR code scams - especially those involving malicious codes sent through physical mail - employers should provide clear, actionable guidance that raises awareness and encourages vigilance.
First, employees should be made aware that QR codes, while convenient, can be exploited by cybercriminals to deliver malware or steal sensitive information.
These scams often involve fake QR codes that redirect users to malicious websites or prompt them to download harmful apps. In some cases, scammers even overlay counterfeit QR codes on legitimate ones, making them difficult to detect.
Next, employers should explain the concept of "quishing" - a form of phishing that uses QR codes instead of links. These scams may arrive via email, text, or even physical mail, and often impersonate trusted organizations.
Employees should be skeptical of any unsolicited communication, including "snail mail" that includes a QR code, especially if it urges immediate action or claims to be from a government agency or well-known brand.
Finally, it is important to educate employees that scanning an unverified QR code can lead to serious consequences. These include the theft of login credentials, personal data, or financial information, as well as the installation of malware that can compromise the entire device or corporate network. Some malicious websites may even trigger automatic downloads without the user's consent.
A four-step set of employee guidelines could look like this:
- Avoid scanning QR codes from unknown or suspicious sources.
- Verify the legitimacy of QR codes by checking with the sender or using secure company-approved tools.
- Refrain from downloading apps or entering credentials on websites accessed via QR codes unless the source has been verified.
- Report any suspicious QR code communications to the IT or security team immediately.
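The "company-approved tools" in the second guideline can do more than decode the QR image: they can triage the decoded payload before anyone opens it. The following is an added example (not code from the Malwarebytes article or its commentary) of that triage step. It assumes the scanning tool has already decoded the QR code into a string, and the sender domain allow-list and shortener list are assumptions for the example; an organization would maintain its own. It flags the patterns the text describes: links that deliver an app package directly rather than through an official store, hosts that do not belong to the organization the letter claims to be from, and redirects or shorteners that hide the real destination.

```python
"""Triage a decoded QR-code payload before it is opened (added example, not the
article's or any vendor's code). Domain lists below are assumptions."""
from __future__ import annotations

import ipaddress
from urllib.parse import parse_qs, urlsplit

# Assumed allow-list: domains the organization has confirmed for a claimed sender.
KNOWN_SENDER_DOMAINS = {
    "meteoswiss": {"meteoswiss.admin.ch"},
    "alertswiss": {"alertswiss.ch"},
}

# Assumed list of URL shorteners; they hide the final destination from the user.
SHORTENER_DOMAINS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly"}

# Package files served outside an app store, i.e. a sideloaded "weather app".
SIDELOAD_EXTENSIONS = (".apk", ".xapk", ".aab", ".ipa")

OFFICIAL_STORE_HOSTS = {"play.google.com", "apps.apple.com"}

REDIRECT_PARAMS = {"url", "redirect", "next", "goto", "dest"}


def _host_matches(host: str, allowed: set[str]) -> bool:
    """True if host equals an allowed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in allowed)


def _is_ip_literal(host: str) -> bool:
    """True if the host part is a bare IPv4/IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def _summarize(findings: list[tuple[str, str]]) -> dict:
    """Collapse (severity, message) pairs into an overall risk plus messages."""
    order = {"high": 3, "medium": 2, "info": 1}
    worst = max((order[sev] for sev, _ in findings), default=0)
    risk = {3: "high", 2: "medium"}.get(worst, "low")
    return {"risk": risk, "findings": [msg for _, msg in findings]}


def triage_qr_payload(payload: str, claimed_sender: str | None = None) -> dict:
    """Inspect a decoded QR payload. claimed_sender is the organization the
    letter or message says it comes from (e.g. "meteoswiss"), if any.
    Returns {"risk": "low"|"medium"|"high", "findings": [...]}."""
    findings: list[tuple[str, str]] = []
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()

    if scheme not in ("http", "https"):
        # Contact cards, intent:// or market:// links, plain text: not a web
        # link, so nothing should be opened automatically.
        findings.append(("medium", f"payload is not a web link (scheme {scheme or 'none'!r})"))
        return _summarize(findings)

    host = (parts.hostname or "").lower()
    path = parts.path.lower()

    if scheme == "http":
        findings.append(("medium", "link is unencrypted http"))
    if _is_ip_literal(host):
        findings.append(("high", "host is a raw IP address rather than a domain name"))
    if "xn--" in host:
        findings.append(("medium", "host uses punycode; possible look-alike domain"))
    if _host_matches(host, SHORTENER_DOMAINS):
        findings.append(("medium", "URL shortener hides the final destination"))
    if path.endswith(SIDELOAD_EXTENSIONS):
        findings.append(("high", "link delivers an app package directly instead of via an app store"))
    if host in OFFICIAL_STORE_HOSTS:
        findings.append(("info", "link points to an official app store; still confirm the publisher"))
    if claimed_sender:
        allowed = KNOWN_SENDER_DOMAINS.get(claimed_sender.lower(), set())
        if not _host_matches(host, allowed):
            findings.append(("high", f"host {host!r} is not a known domain for {claimed_sender!r}"))
    # A query parameter carrying a second URL is an open-redirect pattern.
    for key, values in parse_qs(parts.query).items():
        if key.lower() in REDIRECT_PARAMS and any(
            v.lower().startswith(("http://", "https://")) for v in values
        ):
            findings.append(("medium", f"query parameter {key!r} redirects to another URL"))

    return _summarize(findings)


if __name__ == "__main__":
    # Constructed sample payloads; .example hosts are reserved and not real sites.
    for sample, sender in [
        ("https://www.meteoswiss.admin.ch/home.html", "meteoswiss"),
        ("http://meteo-swiss-alert.example/AlertSwiss.apk", "meteoswiss"),
        ("https://bit.ly/3xyzABC", None),
    ]:
        print(sample, "->", triage_qr_payload(sample, sender))
```

The helper only inspects the string; it deliberately does not fetch the link, so running it on a hostile payload causes no network contact. A "high" result for a letter claiming to be from MeteoSwiss but pointing at an unrelated host serving an .apk file is exactly the pattern described above, and the findings list gives the security team something concrete to cite when the employee reports it.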
The final takeaway is that employers might also consider implementing technical safeguards, such as mobile device management (MDM) policies, endpoint protection, and regular cybersecurity training that includes real-world examples of QR code scams.