We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Beware of malicious QR codes: Report

Smartphone users advised to check QR codes are legitimate before scanning them

Cyber criminals have taken advantage of the proliferation of quick response (QR) codes on posters and marketing material by putting their own malicious stickers over the top of legitimate ones, warns security vendor, AVG Australia and New Zealand.

QR codes can be read by scanning the sticker or typing in the code using a smartphone with a QR code reader.

In its latest report, entitled AVG Community Powered Threat Q4 2011, the company warns that cyber criminals are now producing their own QR codes which contain text and URLs with hidden malware. For example, one piece of malware called 'JimmRussia' sends costly SMS messages to premium numbers and also redirects to a URL which downloads a malicious file.

AVG Technologies chief technology officer, Yuval Ben-Itzhak, said in a statement that the smartphone user does not know what lurks behind the code until the malware is installed and running. "Putting a malicious QR code sticker onto existing marketing material or replacing a website's bona fide QR code with a malicious one could be enough to trick many unsuspecting people," he said.

Ben-Itzhak added that compromising a website and replacing its legitimate QR code with malicious ones may not get the website owner's attention fast enough before the websites' mobile visitors get infected.

The report also found an increase in Android malware samples.

In December last year, Google removed another 22 malicious apps from the Android market, making a total of over 100 apps found in 2011.

Ben-Itzhak added that the use of stolen certificates is also making its way to mobile devices. "Digital certificates are often used to certify the identity of the author of an application," he said.

"If a criminal can get their hands on the certificate belonging to a major software developer, their malware can circumvent security provisions and give users a false sense of security."

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU

IDG UK Sites

Sky to offer mobile phone contracts with O2: Will Vodafone make a move?

IDG UK Sites

Windows 10: a guaranteed success. Probably.

IDG UK Sites

Do we need to fight the government again over design and art education?

IDG UK Sites

How to make money selling books on the iBookstore, publish your book in Apple's book store