Executive Summary:

  • This article explores the misuse of QR codes in today’s threat landscape, covering three areas of concern:
    - QR codes using URL shorteners to disguise malicious destinations
    - QR codes using in-app deep links to steal account credentials and take control of a victim’s apps
    - QR codes attempting to bypass app store security by linking to direct downloads of malicious apps
  • With QR codes a notable presence in our everyday lives, some people instinctively scan them without hesitation.
  • But QR codes are also a vector for attack.
  • QR codes enable attackers to bypass organizational security by exploiting the weaker controls of personal mobile devices.
  • By doing this, they can trick users into scanning codes and interacting with malicious destinations outside the corporate security perimeter.
  • Over the past several months, we have tracked campaigns that used QR codes for phishing (known as quishing) and scams.
  • Our telemetry reveals an average of over 11,000 detections of malicious QR codes each day.

Article Summaries:

  • Palo Alto Networks reports that QR‑code phishing, termed “quishing,” has surged, with over 11,000 malicious QR detections daily. Attackers exploit three tactics: URL shorteners that mask harmful destinations, in‑app deep links that steal credentials and hijack apps, and direct downloads of malware bypassing app‑store checks. While most incidents are mass campaigns, targeted attacks have emerged, such as phishing of Ukrainian Signal users amid the Russia‑Ukraine conflict. The company urges users to remain cautious when scanning QR codes and highlights its security products and Unit 42 Incident Response team as safeguards against these evolving threats.
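The three tactics summarized above map onto checks that a scanner app or mail gateway can run on a decoded QR payload before anything is opened. The following is an added example, not code from Palo Alto Networks or the original article; the host list, suffix list, flag names and sample payloads are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed, non-exhaustive lists chosen for this illustration.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
PACKAGE_SUFFIXES = (".apk", ".ipa")
# Common non-web QR payload schemes, excluded here to limit noise (assumption).
PLAIN_SCHEMES = {"mailto", "tel", "sms", "geo", "wifi"}


def classify_qr_payload(payload):
    """Return a sorted list of risk flags for one decoded QR payload."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").lower()
    except ValueError:  # e.g. a malformed IPv6 literal in the host part
        return ["unparseable"]
    scheme = parts.scheme.lower()
    if not scheme:
        return ["not-a-url"]
    if scheme not in ("http", "https"):
        # A custom scheme hands the payload to whichever installed app registered it.
        return [] if scheme in PLAIN_SCHEMES else ["app-deep-link"]
    flags = set()
    if host.removeprefix("www.") in SHORTENER_HOSTS:
        # The real destination is hidden; resolve it in a sandbox before trusting it.
        flags.add("url-shortener")
    if parts.path.lower().endswith(PACKAGE_SUFFIXES):
        # An installable package served from outside an app store.
        flags.add("direct-app-download")
    return sorted(flags)


def triage(payloads):
    """Map each payload to its flags so a reviewer sees the whole batch at once."""
    return {p: classify_qr_payload(p) for p in payloads}


# Constructed sample payloads, not taken from any real campaign.
SAMPLES = [
    "https://tinyurl.com/constructed1",
    "exampleapp://link-device?token=constructed",
    "https://downloads.example.net/app/update.apk?src=qr",
    "https://www.example.com/menu",
    "mailto:helpdesk@example.com",
]

if __name__ == "__main__":
    for payload, flags in triage(SAMPLES).items():
        print(f"{payload} -> {flags or ['no-flags']}")
```

A shortener flag only says the destination is unknown; a shortened link can still lead to a deep link or a package download, so the resolved URL should be classified again.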
