Security News > 2022 > January > Surge in Malicious QR Codes Sparks FBI Alert
QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.
The smart little matrix bar codes are easily tampered with and can be used to direct victims to malicious sites, the FBI warned in an alert.
QR codes are the square, scannable codes familiar from applications like touchless menus at restaurants, and have gained in popularity over the pandemic as contactless interactions have become the norm.
"A victim scans what they think to be a legitimate code, but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information," the FBI alert explained.
The FBI said it has also observed threat actors using malicious QR codes to download malware giving them access to a victim's device, where they then accessed financial data to steal money.
Last summer the Better Business Bureau issued an alert that scammers were increasingly abusing QR codes in innovative ways; one elaborate scheme started with a malicious QR code and ended with sending victims to gas stations to use Bitcoin ATMs. Purandar Das, co-founder and CEO at Sotero, said a rise in QR abuse was almost inevitable.
News URL
https://threatpost.com/fbi-malicious-qr-codes/177902/
Related news
- Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes (source)
- Google binning SMS MFA at last and replacing it with QR codes (source)
- How QR code attacks work and how to protect yourself (source)
- Week in review: How QR code attacks work and how to protect yourself, 10 must-reads for CISOs (source)