QR Code Malware Picks Up Steam

From Dark Reading:

As mobile marketers have latched onto the convenience and cool-factor of QR codes, hackers are starting to take advantage of these square, scannable bar codes as a new way to distribute malware. Like all mobile attack vectors, it is a new frontier that security researchers say is not extremely prevalent but which has a lot of potential to wreak havoc if mobile developers and users stand by unaware.

The success behind QR code usage among mobile fans has largely been pinned on its simplicity.

“QR codes are growing in popularity and seem to be popping up everywhere – magazine ads, newsletters, real estate signs, newspaper ads and in trade show booths,” says Paul Henry, security and forensic analyst at Lumension. “In the simplest of terms, a QR code is a 2D barcode that can store data which can then be read by smart phone users. The data is an easy way to direct a user to a particular website with a simple scan of the QR code, but it could also just as easily be a link to a malicious website.”

Just point your mobile device’s camera on the code, scan it and the reading will take you to the website or mobile app download that its promoter promises to provide. The difficulty is that you’re depending on the honesty of that provider or the assumption that the code hasn’t been tampered with to know the destination is legitimate.

“QR codes, while perhaps convenient for the user, clearly open the door to the clever obfuscation of malicious links for would-be bad guys,” Henry says.

The simplicity is a double-edged sword because it actually hides the nature of the individual QR code, not giving you any clues as to whether the destination really is good or bad.

“The big problem is that the QR code to a human being is nothing more than ‘that little square with a bunch of strange blocks in it.’ There’s no way to tell what is behind that QR code,” says Damon Petraglia, director of forensic and information security services for Chartstone. “And the biggest risk is that people cannot deny their own curiosity. If people see a random QR code that’s not connected to anything, just a sticker on the wall, they’re going to scan it because they want to know what the heck it is.”

Attackers depend on that curiosity and the innate obfuscation of QR codes to craft their attacks.
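The problem described above, that a scan gives no clue about where a code leads, is what a scanner app can reduce by previewing the decoded payload before opening it. The Python sketch below is an added example, not code from Dark Reading or the researchers quoted; the function name, the shortener and extension lists, and the sample payloads are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Illustrative lists (assumptions, not from the article).
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}
DOWNLOAD_EXTS = (".apk", ".ipa", ".exe", ".jar")

def preview_qr_payload(payload: str) -> dict:
    """Describe what a decoded QR payload would do, without opening it."""
    parts = urlsplit(payload.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # QR codes carry arbitrary text: sms:, tel:, Wi-Fi configs, plain strings.
        return {"kind": "non-web", "scheme": scheme or None, "host": None,
                "warnings": ["not a web link; show raw text to the user"]}
    host = (parts.hostname or "").lower()
    warnings = []
    if scheme == "http":
        warnings.append("unencrypted http")
    if parts.username or parts.password:
        warnings.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a domain name")
    except ValueError:
        pass  # host is a name (or empty), not an IP literal
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode (internationalized) host name")
    if host in SHORTENERS:
        warnings.append("link shortener; final destination unknown")
    if parts.path.lower().endswith(DOWNLOAD_EXTS):
        warnings.append("direct file/app download")
    return {"kind": "web", "scheme": scheme, "host": host, "warnings": warnings}

if __name__ == "__main__":
    # Constructed sample payloads (example.com and 203.0.113.7 are reserved
    # documentation values, not real indicators).
    samples = [
        "https://www.example.com/promo",
        "http://www.example.com@203.0.113.7/app.apk",
        "https://bit.ly/abc123",
        "sms:+15550100?body=SUB",
    ]
    for s in samples:
        info = preview_qr_payload(s)
        print(f"{s}\n  -> host={info['host']} warnings={info['warnings']}")
```

Showing the real host and these warnings on a confirmation screen gives the user the clue the printed square itself cannot.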

3 Responses to “QR Code Malware Picks Up Steam”

  1. Our company has had some interest in these kinds of promotional items and had some graphics prepared by another organization. Is it possible to use the same artwork? The company is Concord Signs & Banners 3568 Kimball Way Concord, CA 94518 – 925-808-3817. I’m not sure if the art files will be in a data format that you can make use of.

    • admin says:

      Hello and thank you for contacting YPrintit.

      If you wish to use your own graphics, you can use the QR card conversion service. For details please check out:
      http://www.yprintit.com/index/hiws9

      Please let us know if you have any questions about this service.

      Sincerely,
      The YPrintit Team

  2. After looking over a few of the blog posts on your web site, I truly like your technique of blogging. I bookmarked it to my bookmark site list and will be checking back soon. Please visit my website too and let me know how you feel.

    Here is my web-site … sky Cardsharing News
