QR Codes Hijacked By Malware

By Ryan Majeau | Posted October 25th, 2011 in Faronics blogs for

QR codes are popping up everywhere these days. On buses, magazine ads, billboards—I’ve even seen them drawn in chalk on the sidewalk. Maybe you’ve noticed? QR codes are catching the eyes of businesses for marketing, but the more popular something is the more appealing it is to cybercriminals.

A recent incident was reported in Russia. A hijacked QR code took unsuspecting Android users to download an app named Jimm. Jimm didn’t download but malware sure did! The code sent off a bunch of SMS messages to a premium number (a SMS version of a 1- 900). Hackers profit, you get billed—at $6 a message!

QR code scanning increased by 4,549% in the US—just in the first quarter of 2011! It’s no wonder cybercriminals have taken notice. Aside from their fame, QR codes are perfect for hackers since you can’t see where the code will take you until it’s scanned.

The same thing happened when URL shortening services like Bitly appeared. Long and complex URLs get made all short and sweet. They look great, fit well on Twitter but they give no indication of their destination. It could be to a malicious site or could download a virus. You only find out once you click. Oops.

Mobile malware is on the rise, with Google’s Android phones getting hit hard so far. All smartphones can do almost anything for us, but Android does one more thing—it can be your wallet too. All the more reason to be on guard!

You can definitely expect to see more of these scams happening in the future. Who’s to stop someone from pasting their own QR code overtop one of the many signs you see outside? It gives you a whole other reason to think before you take a pic!