How QR Codes Can Deliver Malware

Wednesday, March 28, 2012

Robert Siciliano

37d5f81e2277051bc17116221040d51c

You’ve seen barcodes all your life. So you know what they look like: rectangles “boxes” comprised of a series of vertical lines. When a cashier scans a barcode, you hear a familiar beep and you are charged for that item.

A QR code looks different and offers more functionality. QR stands for “quick response.” Smartphones can download QR readers that use the phone’s built-in camera to read these codes.

When the QR code reader application is open and the camera detects a QR code, the application beeps and asks you what you want to do next.

Today we see QR codes appearing in magazine advertisements and articles, on signs and billboards; anywhere a mobile marketer wants to allow information to be captured, whether in print or in public spaces, and facilitate digital interaction. Pretty much anyone can create a QR codes.

Unfortunately, that’s where the cybercriminals come in. While QR codes make it easy to connect with legitimate online properties, they also make it easy for hackers to distribute malware.

QR code infections are relatively new. A QR scam works because, as with a shortened URL, the link destination is obscured by the link itself. Once scanned, a QR code may link to an malicious website or download an unwanted application or mobile virus.

Here’s some ways to protect yourself from falling victim to malicious QR codes:

  • Be suspicious of QR codes that offer no context explaining them. Malicious codes often appear with little or no text.
  • If you arrive on a website via a QR code, never provide your personal or log in information since it could be a phishing attempt.
  • Use a QR reader that offers you a preview of the URL that you have scanned so that you can see if it looks suspicious before you go there.

Use complete mobile device security software, like McAfee® Mobile Security, which includes anti-virus, anti-theft and web and app protection and can warn you of dangerous websites embedded in QR codes.

Robert Siciliano is a McAfee Online Security Evangelist. See him discussing attacks on our critical infrastructure on Fox News (Disclosures)

Possibly Related Articles:
9762
Viruses & Malware
Information Security
virus malware Application Security Mobile Devices Attacks Malicious Code Short URL QR-Code
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.