QR codes have become a staple in modern digital interactions, offering a quick way to open links, pay bills, and sign in to services. However, this convenience is now being exploited by cybercriminals to lead unsuspecting users to dangerous websites and applications.
Increasing Threats from QR Codes
Recent reports indicate that QR codes themselves are not inherently dangerous, but they serve as gateways to malicious content. Attackers utilize these codes to create complex redirect chains that can bypass app-store verifications, a practice known as ‘quishing.’ These threats have been found in emails and physical posters, making them difficult to avoid.
Palo Alto Networks has been monitoring these malicious QR activities, noting a significant increase in such incidents. Their research reveals that approximately 75,000 QR codes are scanned daily, with about 15% leading to harmful links. This results in more than 11,000 malicious detections each day.
In-Depth Analysis of Deep Links
Deep links, which are specialized URLs that open specific app screens, are also being weaponized. Palo Alto’s Unit 42 observed over 35,000 QR codes with deep links to Telegram, with login attempts constituting 97% of these cases. A significant portion of these links led to malicious host pages.
Other applications such as Signal, WhatsApp, and Line have also been targeted. Notably, some attacks were specifically aimed at Ukrainian Signal users. The use of deep links poses a challenge for security teams, as these threats often go unnoticed in standard web analyses.
Mitigation Strategies for Organizations and Users
To mitigate these risks, organizations are advised to handle QR codes as potentially harmful inputs. Scanning QR codes before use, expanding surveillance to include QR images in documents, and blocking known abusive QR shorteners are recommended strategies.
Additional measures include strengthening email and web filters to detect QR-based threats and prevent malicious redirects. Enhancing user awareness through consistent training can significantly reduce the impact of these phishing and malware campaigns.
For individual users, it is crucial to verify the source of QR codes, preview full URLs before accessing them, and avoid completing urgent payment requests. Users should also maintain updated operating systems and disable settings that allow unknown app installations.
Stay informed about the latest cybersecurity threats by following us on Google News, LinkedIn, and X. Mark CSN as a preferred source on Google for instant updates.
