It was just a matter of time, and now it’s happening. The Websense ThreatSeeker Network has started spotting spam messages that lead to URLs that use embedded QR codes.
This is a clear movement and evolution of traditional spammers towards targeting mobile technology.
The spam email messages look like traditional pharmaceutical spam emails and contain a link to the Web site 2tag.nl. This is a legitimate Web service that allows users to create QR codes for URLs.
Once the 2tag.nl URL from the mail message is loaded in the browser, a QR code is displayed, along with the full URL that the QR code resolves to on the right.
When the QR code is read by a QR reader, it automatically loads the spam URL(or asks before loading, depending on which flavor of QR reader you have installed).
Elad Sharf, Security Researcher, Websense Security Labs: “We’ve been looking at QR codes as a potential malware/spam route for a while now. Inherent in the design is a level of trust and novelty that can be abused. In many ways it was just a matter of time before we saw spam messages point to URLs that use embedded QR codes. This is a clear movement and evolution of traditional spammers towards targeting mobile technology. Last year we predicted a 2012 shift towards mobile device attacks. One week in to the new year and that prediction is evident.”