Security firms warn of malicious QR codes

by Ashwani Mishra    Jan 27, 2012

QRAttackers can distribute malware by tricking users into scanning fake QR codes that lead to infected sites or applications.

Quick Response or QR codes are turning out to be the perfect marketing package for marketers. The small black and white, two dimensional bar codes keep consumers engaged and help companies sell more.

Industry experts suggest that the remarkable growth of mobile action codes in 2011 signals that this technology has moved from an experimental phase to becoming an integral part of a brand’s print marketing strategy. For companies, these codes will come handy as they can build a customer database over time.

QR codes are becoming popular for mobile users to insert text and URLs into the mobile device without typing. After becoming a hit in mobile-evolved markets like US, Europe, Korea and Indonesia, marketers in the country are attempting to rewrite the rules of engagement with QR codes. Google Trends report on QR codes puts India among the top 10 countries.

However, these codes are now being discovered as an ideal way to distribute malware to unsuspecting victims by allowing them to scan the code and redirecting them to an infected or a phishing site.

“The user does not know what lurks behind the QR code until the malware is already installed and running,” said Yuval Ben-Itzhak, Chief Technology Officer, AVG Technologies, a provider of Internet and mobile security solutions.

A recent report by AVG titled Community Powered Threat Report for Q4 2011 highlights the risks of QR codes.

Putting a malicious QR code sticker onto existing marketing material or replacing a website’s bona fide QR code with a malicious one could be enough to trick many unsuspecting people, said the report.

“In Q4 we clearly saw the convergence between computers and mobile phones applies to malware too. As phones become more like computers, so do the risks,” said Ben-Itzhak. “Many sophisticated tricks of the trade from computers are now being repurposed for phones. However, as phones are often tied into billing systems the gains can be far greater.”

Research and Markets, a market research firm, released a report in December revealing that QR code scan rates have jumped by 4,500 percent since the first quarter of 2010.

Another security services provider Check Point said that though the technology is an excellent tool to connect with mobile savvy customers, users should be wary about QR codes that may be dangerous.

In India, some of the early QR adopters range from food, hospitality and retailing to automobile, telecom and technology.