Cybercriminals Exploit Traditional Mail to Target Android Users
The rise of cybercrime has introduced a bizarre twist to conventional means of communication, as nefarious actors are now leveraging traditional postal services, commonly referred to as “Snail Mail,” to distribute malware aimed at Android smartphones. The Swiss National Cyber Security Center (NCSC) recently issued an alert regarding this alarming trend, showcasing how obsolete practices are being repurposed for malicious intent.
This assault involves counterfeit physical letters that falsely promote the “MeteoSwiss” application, an official platform designed to provide natural disaster updates. Cybercriminals have crafted a fraudulent version of this app, embedding a QR code that leads to a malicious download when scanned, consequently creating a significant risk for users.
Compounding this issue, the Swiss Federal Office for Civil Protection has corroborated these claims, noting that the deceptive app reflects the Alert-Swiss application. The malware, identified as “Coper,” has the potential to siphon sensitive user information, such as banking credentials, and transfer this data to remote servers controlled by the attackers. Experts highly recommend that individuals refrain from interacting with any QR codes from unsolicited mail or clicking on links from unknown sources to mitigate risks.
23andMe Faces Backlash Following Major Data Breach
In a separate incident, genetic testing firm 23andMe has come under scrutiny after reports surfaced indicating that personal data belonging to over 6.4 million customers may have been compromised through a cyberattack. This revelation coincides with ongoing rumors surrounding the company’s potential bankruptcy, raising further concerns among users regarding the security of their personal information, including genetic data.
23andMe’s privacy policy explicitly warns that in cases of bankruptcy, reorganization, or mergers, there is a possibility that user data could be sold or shared with third parties. Such disclosures have left many customers apprehensive about their privacy and the potential risks associated with their data if the company were to dissolve or be sold.
In response to the breach, 23andMe has announced the provision of financial compensation—amounting to $10,000—to qualifying individuals who can demonstrate hardship due to the incident. In April 2023, the company disclosed that around 14 million users had been affected, leading to allegations from some customers that their data is now being marketed on the dark web. This predicament has prompted class-action lawsuits, particularly from clients of Chinese and Ashkenazi Jewish descent, who present evidence indicating their data has been illicitly sold.
