QR codes used to infect Android users with malware

Most people already know what QR codes are: a new type of “barcode” that can be used for a variety of purposes – tracking, ticketing, labeling of products, and many more.

They can also be used for storing URLs, allowing users to scan them with their smartphones and be immediately directed to the URL in question on their device’s browser – an ability that researcher Augusto Peryra recently claimed will be soon misused by cyber criminals to direct users to malware.

Less than a month later, Kaspersky Lab researcher Denis Maslennikov warns about a series of SMS Trojans for Android devices, one of which poses as an mobile ICQ client by the name of “JimmRussia”. Once installed, the Trojanized app sends several text messages to a premium number, and the user gets billed $6 for each.

It is not unusual for online app markets – especially third party ones – to add QR codes to their offerings so that users that search for these apps with the help of a computer don’t have to copy the URL manually into their smartphone’s browser after they have decided to download one.

As one can’t tell what the code contains just by looking at it, there is nothing to warn the users about a potentially dangerous download

There are currently several different websites that offer these Trojanized apps. It is interesting to note that some offer both a direct link to the URL and a QR code to reach it, but while the text link doesn’t land the user to a page serving the malicious file (“jimm.apk), the QR codes does.

“Usage of QR codes for malware spreading was predictable,” comments Maslennikov.” And as long as this technology is popular cybercriminals will use it. These two examples illustrate the very beginning of such usage and in the nearest future likely we will see more pieces of mobile malware which is spread via QR codes.”