Switzerland’s Federal Office for Cybersecurity (OFCS) issued a warning on Wednesday about “fake letters” from the country’s meteorological agency being used to spread malware.

The postal letters, dated 12 November, claim to be offering people in the country a new weather app developed by the agency — MeteoSwiss — however they contain a QR code redirecting people to a malicious application developed by fraudsters.

According to OFCS, “by scanning the QR code in the letter, the phone user downloads malware known as ‘Coper’ and ‘Octo2’. When installing the fake app, the program attempts to steal sensitive data such as login details for more than 383 mobile apps, including e-banking apps.”

The use of real-world lures to infect people with malware is unusual due to the additional overheads that physical operations involve compared to online hacking.

While the use of the postal service to deliver commodity malware is rare, it is not unheard of. Microsoft previously confirmed that criminals have posted counterfeit packages designed to appear like its Office products in order to defraud people.

QR codes have been used in online phishing campaigns, and fraudulent codes have been used in the real world — for instance posted over legitimate ones on parking ticket machines in the United Kingdom to redirect drivers to fraudulent websites.

The OFCS did not reveal how many individuals are believed to have been impacted by the fraudulent letters. It said the fake app imperfectly mimicked the real “Alertswiss” app developed by the country’s Office for Civil Protection.

Only Android phones were affected. Individuals who have installed the fake app were encouraged to factory reset their devices.

“Have you received such a letter? Please do not hesitate to send it to us electronically using our reporting form. In this way, you will help the OFCS to take appropriate measures. Then destroy the letter. We have already started to implement protective measures,” stated the agency.