Week 24 in review

22.06.2021 - The NCSC again received a moderate number of reports last week. Numerous reports concerned text messages advertising a COVID-19 test subscription; they show what must be observed when sending advertising. A link to a supposed voice message, circulated via text message, leads to the Flubot malware. The page is only displayed if it is accessed from an Android smartphone.

Rules also exist for advertising

"Register for free for Switzerland's official COVID-19 test subscription and get 5 self-tests delivered to your home". This text message, which was sent with the sender name "Admin-CH", was reported to the NCSC several times last week. The link provided referred to a website where a subscription for the free COVID-19 tests could be taken out. Clarifications by the NCSC revealed that the site actually belonged to a Swiss pharmacy and that the same pharmacy had sent the text messages. After the NCSC intervened, the sender "Admin-CH" was removed, but the promotional text messages continued to be sent.

At this point, it should be mentioned that a number of things must be observed when sending out marketing material and that the law against unfair competition must be complied with. Advertising may only be sent to individuals who have previously agreed to receive such emails or text messages. If a customer relationship already exists, electronic advertising is permitted as long as an unsubscribe option is offered. In this case, the text messages were not only sent to people who were not customers, but there was also no possibility to unsubscribe.

Federal Act on Unfair Competition (UCA) (available in French, German, Italian): https://www.fedlex.admin.ch/eli/cc/1988/223_223_223/de

Malware instead of voicemail

You have received "new voicemail". At the moment, the NCSC is receiving numerous reports of text messages with a link to a supposed voicemail message. Anyone who clicks on the link in the text message is taken to a fake website, where the victim is prompted to download the message. In reality, however, it is a malicious APK (Android Package Kit) file. The page is personalised and displays the victim's mobile phone number to convey a certain level of trustworthiness to the victim.

Interestingly, the page is only displayed if it is accessed from an Android smartphone. If the page is called up from a computer, the user is directed to "normal" software from Deutsche Telekom in the Google Play Store. This is to make security authorities and providers believe that everything is fine so that they do not deactivate or block the page.

Never install a program from a website that you clicked on via a link in an email or text message.
Only install necessary programs and apps, and only ever download them from the manufacturer's website or an official app store.

Website with a link to malware. The website is personalised and contains the recipient's mobile phone number.
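
The device-dependent behaviour described above can be checked by comparing what the same link returns to a desktop and to an Android User-Agent. The following Python is an added example, not NCSC code; the captured responses, the host `sms-landing.example.invalid`, the phone number and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

APK_MIME = "application/vnd.android.package-archive"
# A link or resource reference that ends in .apk inside the returned HTML.
APK_LINK = re.compile(r"""(?:href|src)\s*=\s*["'][^"']+\.apk\b""", re.I)

@dataclass
class Captured:
    """One HTTP response saved by an analyst (constructed data below)."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

def summarize(resp):
    """Reduce a response to the two properties the comparison needs."""
    headers = {k.lower(): v for k, v in resp.headers.items()}
    redirect = headers.get("location") if 300 <= resp.status < 400 else None
    return {
        "redirect_host": urlparse(redirect).hostname if redirect else None,
        "offers_apk": headers.get("content-type", "").lower().startswith(APK_MIME)
                      or bool(APK_LINK.search(resp.body)),
    }

def cloaking_findings(desktop, android):
    """Return the reasons the two views of the same URL disagree."""
    d, a = summarize(desktop), summarize(android)
    findings = []
    if d["redirect_host"] != a["redirect_host"]:
        findings.append("redirect_differs")
    if a["offers_apk"] and not d["offers_apk"]:
        findings.append("apk_only_for_android")
    return findings

# Constructed captures of one link, fetched with two different User-Agent headers.
DESKTOP = Captured(302, {"Location": "https://play.google.com/store/apps/details?id=placeholder"})
ANDROID = Captured(200, {"Content-Type": "text/html"},
    '<p>New voicemail for +41 00 000 00 00</p>'
    '<a href="https://sms-landing.example.invalid/voicemail.apk">Download</a>')

if __name__ == "__main__":
    print(cloaking_findings(DESKTOP, ANDROID))
```

A URL that yields any finding should be re-examined with a mobile profile before it is marked as harmless.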

Current statistics

Last week's reports by category

Reports per week during the last 12 months

Last modification 22.06.2021
