Malware Alert: Scanned Barcodes a Threat

Tuesday, October 4, 2011 @ 01:10 PM gHale


Quick Response (QR) codes are becoming an easy starting point to install malicious applications on mobile devices.

QR code is a type of matrix barcode, or two-dimensional code, first designed for the automotive industry, but more recently it has become popular for fast readability and comparatively large storage capacity. The code consists of black modules arranged in a square pattern on a white background. The information encoded can consist of any kind of data.

RELATED STORIES
Security Infrastructure Threat Growing
Cyber Report: Life on Technology’s Edge
Cyber Security Month: DHS Eval Tool
White House Invests in Smart Grid, Security

One identified malicious QR code on a Russian website links through a series of redirections to a site punting a Trojan version of the Jimm mobile ICQ client. Android users who follow the links and install the application will suffer an infection that sends text messages to premium-rate SMS numbers, net security firm Kaspersky said.

Tricking users into scanning QR codes, which can encode URLs into barcode-like squares, to lure them into installing malicious applications on smartphones is a new threat, dubbed “Attaging” (Attack Tagging).

Technically speaking whether a user follows a link in a browser or follows a QR code to reach the same location is no different, apart from the fact users might be more trusting about a non-human-readable QR code than a conventional URL.

QR codes have appeared in online Android application catalogues. Smartphone users can read about an application on their PC before scanning a QR code using the camera on their Android device in order to download it. The approach gets around the need to type in a booby-trapped URL on a phone’s keyboard but also creates new security risks



One Response to “Malware Alert: Scanned Barcodes a Threat”

  1. […] QR code is a type of matrix barcode, or two-dimensional code, first designed for the automotive industry, but more recently it has become popular for fast readability and comparatively large storage capacity. The code consists of black modules arranged in a square pattern on a white background. The information encoded can consist of any kind of data. http://www.isssource.com/malware-alert-scanned-barcodes-a-threat/ […]


Leave a Reply

You must be logged in to post a comment.