QR Code Malware is Serious
QR codes are a boon for mobile marketers, as they have a "cool factor" and are convenient for getting attention and traffic to a website, mobile app or other advertisement. However, these unique square barcodes have become popular targets for mobile attacks because once a user scans the QR code with a mobile device's camera there is no indication or guarantee for where they will be taken and whether the destination site or app is safe.
"QR codes are much like a mystery box," says Alex Tishler, VP of VPN4ALL. "The idea is that marketers are playing on a user's curiosity coupled with whatever promise is made in the advertisement featuring the barcode to get a person to scan and follow the link. Unfortunately, if that link is malicious, that person's data is compromised. A quality mobile VPN service will actually block these attacks and prevent anyone from accessing the network who isn't authorized to be on there."
QR codes work differently than URL-shortening services or posting a website address because it requires users to interact with the barcode at the moment they see it, instead of writing down an address or committing it to memory for a later date. Additionally, QR code attacks can exploit nearly the full suite of a user's device's capabilities, from email, SMS and application installation. So once malware ends up on a user's device, it has near instant access to a lot of private information.
"Unfortunately, both iOS and Android devices are at risk for QR code attacks," says Tishler. "On an iOS device, a user can be taken to a site that 'jailbreaks' the device and installs malware - like keyloggers - on the device. With an Android system, a malicious application can be installed on the device and run in the background without a user ever knowing it was there."
Although QR code attacks are not yet widely prevalent, QR-based payment services are becoming more popular, with sites like LevelUp, Kuapay and PapPal beginning to employ more QR codes. Therefore it is likely that mobile hackers will try to take advantage of this growing trend.