Must Know: QR Code Experimentation by Threat Actors
QR codes, also known as Quick Response codes, have been around for quite some time. They were first invented in Japan in 1994 by Denso Wave, a subsidiary of Toyota, and were originally used to track vehicle manufacturing. Since then, their popularity has grown, and they are now commonly used for a variety of purposes, from marketing and advertising to contactless payments and ticketing. However, as with any technology, QR codes have also become a tool for threat actors to exploit, and they are increasingly being used as part of cyberattacks.
Threat actors are experimenting with QR codes to deliver malware and phishing attacks. QR codes can be scanned quickly and easily with a smartphone camera, making them an ideal delivery mechanism for attackers looking to trick users into downloading malicious software or providing sensitive information.
For malware delivery, malicious QR codes can be embedded in emails, text messages, or even printed materials; when scanned, they can download and install malware on the user’s device. This malware can then be used to steal sensitive information, such as passwords and credit card numbers, or to take control of the device and use it for other nefarious purposes.
One recent example of this was the use of QR codes in a phishing campaign targeting iPhone users. The attackers sent out text messages to victims, claiming to be from Apple support, and asking them to click on a link to download a software update. When the victim clicked on the link, they were taken to a fake website where they were prompted to scan a QR code to download the update. The QR code contained a malicious payload that installed a fake VPN app on the victim’s device, which was then used to steal their login credentials.
To protect against these types of attacks, it is important for users to be cautious when scanning QR codes, especially if they are from an unknown source. It is also important to keep your device’s software up to date, as many security vulnerabilities can be exploited through QR codes. Additionally, it is a good idea to use a mobile security solution that can scan QR codes for malicious content and alert you if there is a potential threat.
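As an added illustration (not code from the original article or from any security product), the example below shows the kind of checks a QR-scanning tool could run on a decoded payload before opening it. The reason codes, the shortener list and the download suffixes are assumptions chosen for this example, and the sample payloads are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed, non-exhaustive lists for illustration; tune them for your environment.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
DOWNLOAD_SUFFIXES = (".apk", ".ipa", ".mobileconfig", ".zip")


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_qr_payload(payload):
    """Return reason codes (hypothetical names) for warning before opening a QR payload."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["malformed-url"]  # e.g. unbalanced IPv6 brackets
    scheme, host = parts.scheme.lower(), (parts.hostname or "").lower()
    if not scheme:
        return []  # plain text, not a link
    if scheme not in ("http", "https"):
        return ["non-web-scheme"]  # hands off to another app (dialer, SMS, ...)
    reasons = []
    if scheme == "http":
        reasons.append("plain-http")
    if parts.username is not None:
        reasons.append("userinfo-in-url")  # text before '@' can mimic a trusted name
    if is_ip_literal(host):
        reasons.append("ip-literal-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode-host")  # possible lookalike domain
    if host in SHORTENERS:
        reasons.append("url-shortener")  # real destination is hidden
    if parts.path.lower().endswith(DOWNLOAD_SUFFIXES):
        reasons.append("direct-download")  # app, profile or archive, not a page
    return reasons


# Constructed sample payloads, as a QR decoder would return them.
SAMPLES = ("https://example.com/menu", "http://203.0.113.7/update.apk",
           "https://support.example.com@xn--e1afmkfd.test/login", "tel:+15555550100")

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage_qr_payload(sample) or "no findings")
```

An empty list means none of these checks fired, not that the destination is safe; a reputation lookup or sandboxed preview would still be needed for a real verdict.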
Organizations can also take steps to protect their employees and customers from QR code-based attacks. This includes educating employees about the risks of scanning unknown QR codes, implementing security policies that restrict the use of QR codes for certain purposes, and using mobile device management (MDM) solutions that can monitor and control the use of QR codes on company-owned devices.
A significant increase in QR scan scams has been observed since October 2022. These scams are designed to trick users into scanning QR codes with their mobile devices, potentially taking advantage of the weaker phishing protection and detection on those devices. The QR codes redirect users to malicious websites that ask for sensitive information such as credit and debit card details.
Furthermore, a 0.38% rise has been observed in malicious PDF attachments that use embedded images to link to encrypted malicious ZIP files. These attachments bypass web gateway scanners, and the instructions in the PDF contain a password that the user is tricked into entering to unpack the ZIP file.
QR codes are a convenient and efficient way to share information and complete transactions. However, as with any technology, they can also be used by threat actors to deliver malware and phishing attacks. As such, it is important for individuals and organizations to be aware of the risks associated with QR codes and take steps to mitigate those risks. By being vigilant and staying up to date on the latest threats and best practices, we can continue to use QR codes safely and securely.
Author: Manjushree Gavitre