We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Beware of malicious QR codes: Report

Smartphone users advised to check QR codes are legitimate before scanning them

Cyber criminals have taken advantage of the proliferation of quick response (QR) codes on posters and marketing material by putting their own malicious stickers over the top of legitimate ones, warns security vendor, AVG Australia and New Zealand.

QR codes can be read by scanning the sticker or typing in the code using a smartphone with a QR code reader.

In its latest report, entitled AVG Community Powered Threat Q4 2011, the company warns that cyber criminals are now producing their own QR codes which contain text and URLs with hidden malware. For example, one piece of malware called 'JimmRussia' sends costly SMS messages to premium numbers and also redirects to a URL which downloads a malicious file.

AVG Technologies chief technology officer, Yuval Ben-Itzhak, said in a statement that the smartphone user does not know what lurks behind the code until the malware is installed and running. "Putting a malicious QR code sticker onto existing marketing material or replacing a website's bona fide QR code with a malicious one could be enough to trick many unsuspecting people," he said.

Ben-Itzhak added that compromising a website and replacing its legitimate QR code with malicious ones may not get the website owner's attention fast enough before the websites' mobile visitors get infected.

The report also found an increase in Android malware samples.

In December last year, Google removed another 22 malicious apps from the Android market, making a total of over 100 apps found in 2011.

Ben-Itzhak added that the use of stolen certificates is also making its way to mobile devices. "Digital certificates are often used to certify the identity of the author of an application," he said.

"If a criminal can get their hands on the certificate belonging to a major software developer, their malware can circumvent security provisions and give users a false sense of security."

Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU


IDG UK Sites

Acer Aspire R11 review: Hands-on with the 360 laptop and tablet convertible

IDG UK Sites

Apple Watch release day: Twitter reacts

IDG UK Sites

See how Framestore created a shape-shifting, oil and metal based creature for Shell

IDG UK Sites

Apple Watch buying guide, price list & where to buy today: Which Apple Watch model, size, material,?......