Malicious QR codes pop up on traffic-heavy locations
Posted on 11 December 2012.
QR codes - those matrix barcodes that you can now find almost anywhere - are very handy for directing users to specific sites by simply scanning them with their smartphones.

But the ease with which this technology works has made it also a favorite of malware peddlers and online crooks, which have taken to including QR codes that lead to malicious sites in spam emails.

They have also begun using the same tactic in the physical world, by printing out the malicious QR codes on stickers and affixing them on prominent places in locations where there is a lot of foot traffic, The Register reports.

According to Symantec Hosted Services director Warren Sealey, these locations include airports and city centers, where the crooks stick them over genuine QR codes included in advertisements and notices, and most likely anywhere a person might look and be tempted to scan them.

For example, if you are a tourist and want to know more about a church or a building of historic importance, in Western European countries you'll often have the option of scanning a QR code for loading the information.

To make these QR codes easy to scan, the notices that sport them are often easy to reach and, thus, easy for crooks to superimpose their own malicious QR codes on top of the legitimate ones.

I've personally seen random stickers with QR codes with no explanation whatsoever on public transport seats or similar places, and have often been tempted to see what they are about. Whether they were malicious or not I don't know, but it just goes to show that innate human curiosity is a great asset for cyber crooks.

The only thing that users can do for now to protect themselves from this threat is to download and install a QR reader that checks the website's reputation, and then offers them the option of taking them there or not. While this solution is not foolproof, it's still much better than the alternative of blindly following where the QR code takes them.






Spotlight

The evolution of backup and disaster recovery

Posted on 25 July 2014.  |  Amanda Strassle, IT Senior Director of Data Center Service Delivery at Seagate Technology, talks about enterprise backup issues, illustrates how the cloud shaping an IT department's approach to backup and disaster recovery, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Jul 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //