Malicious QR codes pop up on traffic-heavy locations
Posted on 11 December 2012.
QR codes - those matrix barcodes that you can now find almost anywhere - are very handy for directing users to specific sites by simply scanning them with their smartphones.

But the ease with which this technology works has made it also a favorite of malware peddlers and online crooks, which have taken to including QR codes that lead to malicious sites in spam emails.

They have also begun using the same tactic in the physical world, by printing out the malicious QR codes on stickers and affixing them on prominent places in locations where there is a lot of foot traffic, The Register reports.

According to Symantec Hosted Services director Warren Sealey, these locations include airports and city centers, where the crooks stick them over genuine QR codes included in advertisements and notices, and most likely anywhere a person might look and be tempted to scan them.

For example, if you are a tourist and want to know more about a church or a building of historic importance, in Western European countries you'll often have the option of scanning a QR code for loading the information.

To make these QR codes easy to scan, the notices that sport them are often easy to reach and, thus, easy for crooks to superimpose their own malicious QR codes on top of the legitimate ones.

I've personally seen random stickers with QR codes with no explanation whatsoever on public transport seats or similar places, and have often been tempted to see what they are about. Whether they were malicious or not I don't know, but it just goes to show that innate human curiosity is a great asset for cyber crooks.

The only thing that users can do for now to protect themselves from this threat is to download and install a QR reader that checks the website's reputation, and then offers them the option of taking them there or not. While this solution is not foolproof, it's still much better than the alternative of blindly following where the QR code takes them.






Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Sep 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //