Watch out! QR codes becoming cemented to phishing attacks

Threat attackers are using QR codes to lead phishing campaigns. Microsoft has restricted macros in its files to avoid malicious codes.

“Data collected by the HP Threat Research team shows that from Q2 2022, attackers have been diversifying their techniques to find new ways to breach devices and steal data.”

Recently, we’ve seen #phishing campaigns masquerading as parcel delivery companies 📦🚚–using QR codes to direct users to malicious websites.

Read our Threat Insights Report for more on emerging campaigns: https://t.co/qM4i48KFrR pic.twitter.com/gqMBLWDs7q

— HP Wolf Security (@hpsecurity) March 17, 2023

QR scan scams on a verge

• Since October 2022, HP has seen almost daily QR code scam campaigns. These trick users into scanning QR codes from their PCs using their mobile device
• 38 percent rise in malicious PDF attachments. Recent attacks use embedded images that link to encrypted malicious ZIP files, bypassing web gateway scanners. The PDF instructions contain a password that the user is tricked into entering to unpack a ZIP file, this then deploys QakBot or IcedID malware to gain unauthorized access to systems and provide beachheads to deploy ransomware.
• Archive formats are another popular attack mode, with 42 percent of malware files delivered in files like ZIP, RAR, and IMG. The popularity of archives has risen 20 percent since Q1 2022, as threat actors switch to scripts to run their payloads.

“We have seen malware distributors like Emotet try to work around Office’s stricter macro policy with complex social engineering tactics, which we believe are proving less effective. But when one door closes another opens – as shown by the rise in scan scams, malvertising, archives, and PDF malware,” explains, Senior Malware Analyst, HP Wolf Security threat research team, HP.

Prevention techniques by experts

“While techniques evolve, threat actors still rely on social engineering to target users at the endpoint,” comments Dr. Ian Pratt, Global Head of Security for Personal Systems, HP.

In Q4, HP also found 24 popular software projects imitated in malvertising campaigns used to infect PCs with eight malware families.

This exceptional (and timely) #HPWolf #securitythreatreport will make you re-think accessing a #QR code…I encourage you to devour this report @HP #security #smarthome #cybersecurity #CIO #CSO #HPWolfSecurity https://t.co/YlojlolLpN

— Mark Vena (@MarkVenaTechGuy) March 16, 2023

The attacks rely on users clicking on search engine advertisements, which leads to malicious websites that look almost identical to the real websites.

Therefore it is important to be cautious while scanning QR codes, especially from unknown sources. Verify the source of the code and the website it leads to before entering any sensitive information.

Using up-to-date operating systems and anti-virus to prevent attacks. Also, it is better not to scan if you are unsure about the source.

In the end

Phishing attacks can take many forms, including email phishing, spear phishing, and smishing, and can be difficult to detect because they often appear to be legitimate communications from trusted sources.

Phishing attacks can have serious consequences for individuals and organizations, including financial losses, reputational damage, and data breaches. Be safe!

“Organizations should deploy strong isolation to contain the most common attack vectors like email, web browsing, and downloads. Combine this with credential protection solutions that warn or prevent users from entering sensitive details onto suspicious sites to greatly reduce the attack surface and improve an organization’s security posture.”