QR codes — ‘Opening’ a new matrix of trouble

KV Kurmanath

Cybersecurity experts have found hackers using the pixel patterns to trick users


If you have the habit of indiscriminately scanning QR codes to gather information, you’d better be careful. Cybersecurity experts have cautioned people to exercise restraint as hackers are luring people to scan codes so as to steal credentials.

Experts at Trellix, a cybersecurity firm, have found that hackers are sending emails with a QR code and text in the form of an image. To trick gullible users, hackers use subject headers such as ‘Urgent action needed regarding multi-factor authentication’.

Attack campaign

The Trellix Advanced Research Centre said it has noticed Microsoft Account phishing through QR codes since mid-May, wherein the email body only has text and a QR code, both in image form.

Since most security products rely on the text and URLs in an email body for detection, malicious actors have managed to overcome this hurdle by using only images in the email body. As the subject of the email calls for urgent action and the text is in image form, users tend to open their mobile scanning apps to scan the QR code, landing them in trouble.

“The first variant of this campaign contained text and QR code images embedded directly within the email body, and the other variant we encountered had a PDF attachment containing a QR code,” it said.

“We found the campaign to be widespread, targeting almost all sectors like fuel and energy, finance, banking, telecommunications, IT, healthcare, transport and manufacturing.

“The URLs can employ another layer of evasion by using a ‘Click Captcha’ window, making it difficult for detection engines to screen the mails for malicious content.”

“The captcha does not have to be a genuine one; it is only a means of evading automated analysis,” it said.
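A mail gateway can still triage both variants described above on structure alone, before any image is decoded. The sketch below is an added example, not Trellix's code or tooling from the report: it flags messages whose readable body is nearly empty and link-free but which carry an inline image or a PDF attachment. The function names, keyword list and 40-character threshold are assumptions, and the sample messages are constructed.

```python
import re
from email.message import EmailMessage

# Assumed keyword list and URL pattern; tune both for your own mail flow.
URGENT = re.compile(r"urgent|action (needed|required)|multi-factor", re.I)
URL = re.compile(r"https?://|www\.", re.I)
TAG = re.compile(r"<[^>]+>")

def body_text(msg):
    """Return (raw, visible) text of the non-attachment text parts."""
    raw = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.get_filename():
            data = part.get_payload(decode=True) or b""
            raw += data.decode(part.get_content_charset() or "utf-8", "replace")
    return raw, " ".join(TAG.sub(" ", raw).split())

def triage(msg, min_chars=40):
    """List the reasons a message should be routed to image/QR analysis."""
    raw, visible = body_text(msg)
    types = [p.get_content_type() for p in msg.walk()]
    # "Opaque" body: almost no readable text and no link a URL scanner could check.
    opaque = len(visible) < min_chars and not URL.search(raw)
    reasons = []
    if opaque and any(t.startswith("image/") for t in types):
        reasons.append("image-only body")
    if opaque and "application/pdf" in types:
        reasons.append("PDF attachment with near-empty body")
    if reasons and URGENT.search(msg.get("Subject", "")):
        reasons.append("urgent subject")
    return reasons

def sample(subject, html, image=False, pdf=False):
    """Build a constructed test message (placeholder bytes, not real files)."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(html, subtype="html")
    if image:
        m.add_related(b"constructed-png-bytes", "image", "png", cid="<qr>")
    if pdf:
        m.add_attachment(b"constructed-pdf-bytes", "application", "pdf",
                         filename="notice.pdf")
    return m

SUBJECT = "Urgent action needed regarding multi-factor authentication"
INLINE = sample(SUBJECT, '<html><body><img src="cid:qr"></body></html>', image=True)
PDF = sample(SUBJECT, "<html><body></body></html>", pdf=True)
BENIGN = sample("Quarterly report", "<p>The quarterly report is ready on the portal: "
                '<a href="https://intranet.example/report">read it here</a>.</p>', image=True)
```

A non-empty result only means the message needs image or QR decoding before a verdict; the check itself does not read the code.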

How to be safe

Trellix urged users to proceed with caution whenever prompted to scan a QR code in public areas. If scanning a QR code is absolutely required, “then use online web services to scan for QR codes on sandboxed device when you’re not sure about the authenticity of source of QR codes. You need to be extremely wary of instances when you’re asked to provide your personal information or financial information or some other credentials on the webpage which has been directed by scanning QR codes,” Trellix pointed out.

“Be cautious when a QR code takes you to some unknown website or directs you to open an application. It would be wise to have some reputed QR code scanning app on your hand-held device which shows the resolved content and doesn’t directly redirect you to the website or app,” it said.
