How to avoid malware hiding behind QR codes

As the use of QR codes becomes increasingly widespread, users should be aware that they are also becoming an easy way for malware peddlers to spread their malicious wares.

Most people already know what QR codes are: a new type of “barcode” that can be used for a variety of purposes – tracking, ticketing, labeling of products, and so on. They have seen them in magazines, buses, websites, TV, tickets, and on almost any object which they might want to learn more about.

When used for legitimate purposes, they make life easier for users. “All you need to ‘visualize such a code is a smartphone with a camera and a QR reader application to scan it – the code can direct you to websites or online videos, send text messages and e-mails, or launch apps,” point out BullGuard’s researchers.

Unfortunately, they can just as easily be used to compromise the users’ mobile devices. So what can you do to protect yourself from this threat?

The first and foremost thing to you should do is to download an app that scans QR codes and barcodes and shows the URL to which the codes want to take you. If the destination URL is shortened, or if they seem not seem to have anything to do with the product or service in question, you might want to skip the offer.

It is also a good idea not to scan QR codes from random stickers on walls and similar surfaces – scammers are counting on people to do that because they can’t curb their curiosity. Even QRs placed on legitimate billboards may have been tampered with, because it’s easy for scammers to place another code over the legitimate one. So if you can, look closely at it to see if something like that has happened.

Lastly, you should consider installing a mobile security app on your device, especially if it runs the Android OS. “Android is an open platform, which means that its source code can be examined by criminals and exploited easily when they find a weakness in, say, the Android browser,” say the researchers. “That’s why most malicious apps transmitted via QR codes target the Android-based smartphones.”

More about

Don't miss