Malicious URLs can now be found embedded in QR codes, so you will need to be extra vigilant when scanning any QR codes or clicking on spam emails. It’s not unusual that we are hearing about the rise of this type of URL/QR code threat vector. I’ve been researching this type of threat for some time and included some examples in my writings over at Hakin9.
So how does this attack work? The attack vector is simple: take a traditional spam theme, say drugs, and send a spam email containing a link to a TAG website. In this instance, the TAG website is legitimate and allows anyone to create QR codes with URLs. The malicious short TAG URL from the spam message is loaded into the browser, where a QR code is displayed along with the full URL string. QR codes are read by QR readers (there are many across multiple mobile platforms), which then automatically load the malicious URL. It’s that simple.
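One way a QR reader or mail gateway could vet a decoded QR payload instead of loading it automatically, shown as an added example that is not from the original post. The shortener host names and both function names are assumptions made for illustration, and the sample payloads in the comments are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: placeholder shortener / QR "tag" hosts; maintain your own list.
SHORTENER_HOSTS = {"short.example", "tag.example"}


def vet_qr_payload(payload):
    """Return reasons a decoded QR payload should not be opened (empty list = none found)."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["payload is not a parseable URL"]
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # Covers javascript:, tel:, WIFI: and plain text payloads.
        return ["non-web scheme or not a URL: " + (scheme or "none")]
    reasons = []
    if scheme == "http":
        reasons.append("unencrypted http")
    host = parts.hostname or ""
    if not host:
        return reasons + ["no host in URL"]
    if parts.username or parts.password:
        reasons.append("userinfo before host (user@host disguise)")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a domain name")
    except ValueError:
        pass  # host is a name, not an IP literal
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible look-alike domain)")
    if host in SHORTENER_HOSTS:
        reasons.append("shortener host: destination hidden until redirect")
    return reasons


def reader_action(payload):
    """Reader policy: never auto-load. Show the full URL and ask, or warn when flagged."""
    reasons = vet_qr_payload(payload)
    return ("warn", reasons) if reasons else ("confirm", [])


# Constructed payloads, as a QR decoder would hand them over:
#   reader_action("https://www.example.org/menu")  -> confirm with the user
#   reader_action("http://tag.example/abc")        -> warn: http + shortener
```

Even a payload that passes every check is only shown to the user for confirmation, so the reader never loads a scanned URL on its own.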
This type of QR code threat uses an inherent flaw in human psychology: our desire to find out where a link takes us or what it is. In security circles we call this ‘social engineering’. Spam messages directing victims to short URLs that use embedded QR codes are the start of a new shift to focus cybercrime efforts on the ever-growing popularity of the mobile platform. Virtualization is a must here!
Outside of the QR code and NFC ad/payment platform threat, rogue coupon malware apps will also continue to grow in popularity among the malware-writing community, especially given the tough economic months ahead. Stay vigilant, folks!
Safe surfing, folks!