We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Beware of malicious QR codes: Report

Smartphone users advised to check QR codes are legitimate before scanning them

Cyber criminals have taken advantage of the proliferation of quick response (QR) codes on posters and marketing material by putting their own malicious stickers over the top of legitimate ones, warns security vendor, AVG Australia and New Zealand.

QR codes can be read by scanning the sticker or typing in the code using a smartphone with a QR code reader.

In its latest report, entitled AVG Community Powered Threat Q4 2011, the company warns that cyber criminals are now producing their own QR codes which contain text and URLs with hidden malware. For example, one piece of malware called 'JimmRussia' sends costly SMS messages to premium numbers and also redirects to a URL which downloads a malicious file.

AVG Technologies chief technology officer, Yuval Ben-Itzhak, said in a statement that the smartphone user does not know what lurks behind the code until the malware is installed and running. "Putting a malicious QR code sticker onto existing marketing material or replacing a website's bona fide QR code with a malicious one could be enough to trick many unsuspecting people," he said.

Ben-Itzhak added that compromising a website and replacing its legitimate QR code with malicious ones may not get the website owner's attention fast enough before the websites' mobile visitors get infected.

The report also found an increase in Android malware samples.

In December last year, Google removed another 22 malicious apps from the Android market, making a total of over 100 apps found in 2011.

Ben-Itzhak added that the use of stolen certificates is also making its way to mobile devices. "Digital certificates are often used to certify the identity of the author of an application," he said.

"If a criminal can get their hands on the certificate belonging to a major software developer, their malware can circumvent security provisions and give users a false sense of security."

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU


IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

What the Internet of Things will look like in 2015: homes will get smarter, people might get fitter

IDG UK Sites

See how Trunk's animated ad helped Ade Edmondson plug The Car Buying Service

IDG UK Sites

Yosemite tips: Complete Guide to OS X Yosemite