Rely on common sense to tell you if a QR code is malicious or not

Jan 12, 2012 19:21 GMT

Cybercriminals have relied on QR codes to spread their malicious operations ever since they noticed that the codes could be used to hide URLs. Now they have begun sending confusing emails, urging recipients to scan QR codes that point to classic online pharmacy scams.

Websense researchers came across one such email, which contains nothing more than some confusing text and a link to a site that allows visitors to embed URLs into QR codes.

Bearing the subject "Want her to to get tired while counting her peaks?", the notification contains only an even more confusing message that reads: "You need your hose in action mode?"

Once the link is clicked, the browser loads a URL that displays an image of a QR code. Those curious to learn what may be hiding behind the matrix bar code may scan it using a QR reader and end up on a website that offers shady pharmaceutical products.

While this variant may not present a threat as long as you don’t purchase anything or provide sensitive information, the URL that points to the online store can always be replaced with one that serves a piece of malware.

QR code readers have become fun and popular apps, especially on smartphones, and many companies have started launching advertising campaigns that use QR codes. This is precisely why cybercriminals began relying on them to spread their own ads or malicious schemes.

Users are advised never to scan QR codes found on posters placed in public places, especially if they contain enticing messages that urge you to discover “something cool.”

Also, make sure that the QR reader you are using displays the URL before redirecting you to the web address. Certain apps, especially older ones, instantly open the location, which means that your device may end up infected with a nasty piece of malware and you might not even know it.
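The "display the URL before opening it" behaviour described above can be sketched as follows. This is an added example, not code from the article or from Websense: the function name `preview_qr_payload`, the warning heuristics and the sample payloads are all assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def preview_qr_payload(payload):
    """Describe a decoded QR payload for the user. Never opens anything."""
    text = payload.strip()
    try:
        parts = urlsplit(text)
        host, port = parts.hostname, parts.port  # .port raises on junk ports
    except ValueError:
        return {"kind": "malformed", "host": None,
                "warnings": ["unparseable address"], "prompt": text}
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https") or not host:
        # Plain text, tel:, sms: and similar: show verbatim, do not browse.
        kind = "non-web" if scheme else "text"
        return {"kind": kind, "host": None, "warnings": [], "prompt": text}
    warnings = []
    if scheme == "http":
        warnings.append("no TLS")
    if parts.username is not None:
        # "https://trusted.example@other.example/" really goes to other.example
        warnings.append("userinfo before host")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address host")
    except ValueError:
        if any(label.startswith("xn--") for label in host.split(".")):
            warnings.append("punycode host")
    if port not in (None, 80, 443):
        warnings.append("non-default port")
    # The host is shown on its own so a long path cannot hide it.
    return {"kind": "url", "host": host, "warnings": warnings,
            "prompt": f"Open {host}? Full address: {text}"}


# Constructed sample payloads (documentation-range IP and example domains).
SAMPLES = [
    "https://example.org/menu",
    "http://203.0.113.7:8080/pills",
    "https://example.com@shop.example.net/",
    "You need your hose in action mode?",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(preview_qr_payload(sample))
```

A reader built this way would show `prompt` and any `warnings` to the user and navigate only after explicit confirmation.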