Check Point’s Live Cyber Threat Map identified 20,000 instances of QR code phishing and malware attacks within two weeks, highlighting the vulnerability of QR codes to cybercriminals.
Check Point Software Technologies, a cybersecurity solutions provider, has published new research illustrating a typical QR code attack. In this attack, scammers utilize QR codes to redirect users to a credential harvesting page, adjusting the redirection chain based on the user’s device.
The goal is to install malware and steal credentials.
Hackread.com previously reported that Check Point Research noticed a whopping 587% increase in QR-code-based phishing attacks between August and September 2023. This could be attributed to the lack of QR code protection in email security solutions and the widespread practice of scanning QR codes.
Security vendors worked to develop new protections, but threat actors responded with a new variation of QR code attacks. Recently Bitdefender observed a rise in YouTube stream-jacking campaigns using deepfake videos for cryptocurrency theft. YouTube stream-jacking is a cybercrime where criminals steal accounts using livestream pop-ups, QR codes, and malicious links.
In October 2023, SlashNext reported a rise in QR-code-based phishing attacks using Quishing and QRLJacking. Quishing involves circulating a QR code with malware download links on various platforms, redirecting users to phishing websites or downloading malware.
This works because QR codes have several layers of obfuscation, including the QR code itself, a blind redirect to another domain, and an anti-reverse engineering payload. These layers can be used to redirect users to suspicious destinations or fake login pages. Hackers can increase their success rate by using conditional redirection.
The attacks send QR codes with conditional redirection, using social engineering techniques and BEC 3.0. Check Point researchers provide multiple examples of what these phishing attempts look like. In one such instance, users are asked to scan a QR code to view an annual 401K contribution statement.
“The QR code has a conditional destination point based on browser, device, screen size, and more,” directing users to different pages depending on these parameters, Check Point Research noted in its report shared with Hackread.com.
The user’s device type affects which link is displayed: Mac users see one link, while Android users see another. However, the result will be the same. These attacks highlight the convincing nature of phishing attempts and the importance of multi-layered cybersecurity in preventing the consequences of such attacks.
Typically, default security layers will let the message through if the first redirect is clean. However, a complete security solution can prevent these attacks by blocking at multiple layers. This includes email security, browser security, mobile security, anti-malware, and post-delivery security. These layers work together to block suspicious behaviour, inspect websites, and decode QR code attacks.
However, since such attacks are difficult to detect or thwart due to multiple obfuscation layers, security professionals need AI-based security, the ability to decode QR code attacks, and multiple layers of protection. By implementing these best practices, security professionals can substantially prevent phishing attacks and protect their systems.
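To make the detection side of conditional redirection concrete, the following sketch compares redirect chains recorded for one decoded QR URL under two client profiles and shows why checking only the first redirect misses the landing page. It is an added example, not code from Check Point or Hackread.com; the hostnames, the profile names and the blocklist are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample data: redirect chains a sandbox recorded after opening the
# URL decoded from one QR code under two client profiles. All hosts are
# placeholders under the reserved .example TLD.
CHAINS = {
    "macos-safari": [
        "https://links.mailer.example/r/abc",
        "https://cdn.hop.example/go?id=1",
        "https://login.portal-a.example/signin",
    ],
    "android-chrome": [
        "https://links.mailer.example/r/abc",
        "https://cdn.hop.example/go?id=1",
        "https://m.portal-b.example/auth",
    ],
}

def host(url):
    """Lower-cased hostname of a URL, or an empty string if it has none."""
    return (urlsplit(url).hostname or "").lower()

def analyze(chains, blocklist=frozenset()):
    """Return findings for one QR URL observed under several client profiles.

    `blocklist` is a hypothetical set of known-bad hostnames (an assumption).
    """
    finals = {profile: host(hops[-1]) for profile, hops in chains.items()}
    first_hosts = {host(hops[0]) for hops in chains.values()}
    every_host = {host(u) for hops in chains.values() for u in hops}
    return {
        # Same entry point, different landing hosts: conditional redirection.
        "conditional_redirect": len(first_hosts) == 1 and len(set(finals.values())) > 1,
        "final_hosts": finals,
        # Hops that change host, i.e. the blind redirects to another domain.
        "cross_host_hops": {p: sum(host(a) != host(b) for a, b in zip(h, h[1:]))
                            for p, h in chains.items()},
        # Verdict when only the first URL is checked ...
        "first_hop_only_hit": bool(first_hosts & set(blocklist)),
        # ... versus when every hop of every profile is checked.
        "all_hops_hit": sorted(every_host & set(blocklist)),
    }

if __name__ == "__main__":
    print(analyze(CHAINS, blocklist={"login.portal-a.example"}))
```
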