The Anti-virus Times

Tuesday, October 17, 2023

QR codes are custom matrix bar codes that are used to store and transmit information. In other words, this is a machine-readable representation of text information. They can contain different types of data, including text, URLs, contacts, calendar events, and more. But the question arises: can malware be hidden in QR codes?

Let's find out in this article.

The creation of QR codes and their potential for information encryption

A QR code is the same as a bar code, but it holds more information that can be read quickly, and it is resistant to damage that often happens with paper labels.

Even videos or mp3 files can be encrypted with this code. Although these are mostly business cards, contact details and URL links.

What else can be encrypted with a QR code:

• information about a product on a store shelf or a dish in a café;
• an e-ticket for a train, plane or performance;
• a payment link or e-check;
• a link to an executable file.

QR codes are used in medicine when managing patient data, in logistics and business when creating interactive assignments for students, in tourism and wherever it is possible and necessary to make access to information fast.

Fraud involving QR codes

A QR code is most often a link to some information or payment. If the source text information contains the correct data or amount, the same will be encrypted in the QR code. If the information is incorrect, it will get into the code in the same distorted form, and it will be decrypted with an error.

How cybercriminals take advantage of that. Potentially, a binary malware file or an exploit can be encrypted in a QR code. An exploit uses security flaws or weaknesses to spread cyber threats. Theoretically, fraudsters can trigger the execution of this code on your device: when you scan a QR code, the vulnerable program will execute a dangerous code and perform the actions required by the attackers.

Even if this scenario works, such an attack is likely to be limited. For example, an attack targeting something that is very profitable for fraudsters. Or the vulnerability will be massive, so that reaching a wide range of users becomes profitable and justifiable.

Considering all the difficulties and restrictions, it is much easier and more reliable for attackers to use phishing and hide links to fraudulent and malicious sites in QR codes. This translates into great reach at minimal cost. Therefore:

The main danger for users is following dubious links from QR codes.

Several fraudulent schemes. With the help of a QR code in advertising brochures, posters, websites and social networks, attackers can lead you to a phishing site that at first glance looks like a legitimate one. You risk falling into their trap and thoughtlessly giving away your personal data or the CVV code from your bank card.

Our specialists are familiar with cases of fraudsters attaching fake QR codes to electric scooters. Again, banal phishing where the user is not expecting it! Since such codes are scanned by a mobile device's camera, gadgets need to be protected with anti-virus solutions.

Checking a QR code before using it

The checking process is an important step for protecting against possible threats, such as malware or phishing attacks. Here are some methods and recommendations to help guide you through this process.

• Evaluate the source's security. Do not scan QR codes received from strangers or via unreliable sources such as messages, emails, or websites. Read our article "How to identify a phishing site" to learn more about how to check the security of websites.
• If a QR code is designed to lead users to a webpage, it is important to verify the URL of the target resource. This can be done for free via our website. Make sure that the targeted page matches the expected domain or site and does not contain suspicious characters or typos that indirectly indicate a phishing attack.
• Pay attention to requests to enter confidential data. Be especially careful if a page that you have opened using a link from a QR code asks you for information, such as your passwords and credit card numbers, or details about your identity. Make sure that the request is official and expected, and do not provide this data if you have doubts.
• Activate additional security measures on your device. For example, you can enable the preview feature to see where a QR code leads before it is opened.
• Install an anti-virus.
• Stay alert for updates. It is important to regularly update your device's operating system and installed applications to eliminate known vulnerabilities and strengthen security measures. This is a very important step, and it must not be ignored.

If you have any suspicions about the security of a QR code, it is better to refrain from scanning it or to seek help from an information security expert.