QR codes have been used for phishing for a while, but hackers are now using more advanced methods.
According to a new report from security platform INKY Technology, attackers are using QR codes that run JavaScript immediately after scanning, without users having to take any action themselves.
Invisible Attack Channel
This new form of quishing (QR code phishing) is completely different from earlier QR codes that sent victims to unsafe websites. Attackers now include HTML and JavaScript directly in the QR code via data URLs. When someone scans the code and opens it in a browser, the code is immediately executed locally.
This can even happen offline if the code is written for that purpose. With this code, hackers can mimic login pages, track what the user types, and obtain sensitive information, all while bypassing traditional security systems. No URL is visited, which means most security features don't notice that the code is being executed.
As an example, INKY cites an HTML5 version of the video game DOOM that can be fully loaded via a QR code. This proves how advanced compression allows for extremely large malware files to be executed via QR codes.
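Because the payload described above is a data URL rather than a link, a scanner app or mail gateway can inspect the decoded QR text itself before anything is handed to a browser. The following is an added example, not code from INKY's report: the function name, marker list, verdict labels and sample payload are all assumptions constructed for illustration, and decoding the QR image into text is assumed to have happened already.

```python
import base64
import re
from urllib.parse import unquote_to_bytes

# MIME types a browser renders as active content when opened from a data: URL.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/javascript", "application/javascript"}

# Markers of script execution or credential capture inside the decoded body.
MARKERS = {
    "script": re.compile(rb"<script\b|javascript:|\bon\w+\s*=", re.I),
    "form": re.compile(rb"<form\b", re.I),
    "password_field": re.compile(rb"type\s*=\s*[\"']?password", re.I),
}

# Constructed sample: the text a scanner would get from a QR code carrying a data URL.
SAMPLE_HTML = b'<form><input type="password" name="p"></form><script>/* sample */</script>'
SAMPLE_QR = "data:text/html;base64," + base64.b64encode(SAMPLE_HTML).decode()


def classify_qr_payload(payload: str) -> dict:
    """Classify text decoded from a QR code (hypothetical helper)."""
    text = payload.strip()
    scheme = text.split(":", 1)[0].lower() if ":" in text else ""
    if scheme != "data":
        return {"scheme": scheme, "verdict": "not-data-url", "findings": []}
    header, sep, body = text[5:].partition(",")
    if not sep:  # a data URL must contain a comma before its body
        return {"scheme": "data", "verdict": "malformed", "findings": []}
    params = [p.strip().lower() for p in header.split(";")]
    mime = params[0] or "text/plain"  # RFC 2397 default media type
    try:
        if "base64" in params[1:]:
            raw = base64.b64decode(unquote_to_bytes(body))
        else:
            raw = unquote_to_bytes(body)
    except ValueError:  # binascii.Error (bad base64) is a ValueError subclass
        return {"scheme": "data", "mime": mime, "verdict": "malformed", "findings": []}
    findings = [name for name, rx in MARKERS.items() if rx.search(raw)]
    active = mime in ACTIVE_TYPES
    verdict = "block" if active and findings else "review" if active else "allow"
    return {"scheme": "data", "mime": mime, "verdict": verdict, "findings": findings}


if __name__ == "__main__":
    print(classify_qr_payload(SAMPLE_QR))
```

The check keys on the `data:` scheme and the declared media type first, so a QR code holding an ordinary link is passed on to whatever URL reputation checks already exist.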
Be Alert
INKY warns that these techniques are likely to be deployed more widely. The company recommends disabling automatic opening in browsers when scanning QR codes, training employees to avoid QR codes in suspicious contexts, and immediately reporting suspicious emails to the IT department.