Welcome to Mobile Marketer. Skip directly to: main content, navigation, search box.
  • Email this
  • Print
  • ARTICLE TOOLS
    SPONSOR

Malicious QR code campaigns threaten legitimate marketers

Malicious QR codes

One of the malicious QR codes

The growing popularity of QR codes among consumers and marketers has caught the attention of cybercriminals, with several malicious campaigns having popped up recently.

Internet security firm Kaspersky Labs first detected malicious Web sites containing QR codes for mobile apps at the end of September. While this is the first time the company has seen cybercriminals use QR codes, Kaspersky Labs says it is not likely to be last.

“There is a recognition that QR codes are starting to become popular all over the world,” said Tim Armstrong, malware researcher at Kaspersky Labs, Woburn, MA.

Sign up to receive Mobile Marketer Daily. The premier mobile marketing publication. Free!

“Once people are comfortable using them, it makes sense for cybercriminals to come in and repurpose them for malicious purposes,” he said.

“Unfortunately, there is not a lot that marketers can do other than to make sure that the destination for the QR code is safe.”

Low-level scam
The first malicious QR codes were detected in late September and by early October Kaspersky had detected several more, this time linked to malware for both Android and J2ME.

The first malicious QR code discovered by Kaspersky was found on a Russian Web site and was positioned as a way to let people download an instant messenger app. The app would send messages to a premium subscriber and the cybercriminals could collect between $5 and $10 per message.

“I don’t think people are very aware of the potential malicious nature of these codes,” Mr. Armstrong said. “These are really just a way of getting somewhere and could become very popular as a means for repurposing existing scams in a new package.”

It might be possible for cybercriminals to create a site that looks like a company’s branded Web site and place malicious QR codes on it.

“We’ve seen a lot of quality content that mimics Twitter, Facebook and others,” Mr. Armstrong said. “It looks so good, we have a hard time telling the difference.”

The best way for consumers to protect themselves is to be careful about what they are scanning.

Mr. Armstrong expects to see more malicious QR codes going forward.

“I think it will pick up because it is a very easy campaign to set up,” Mr. Armstrong said.

“Some of the malware that is out there is very complex to set up  and manage,” he said. “QR codes are a pretty low-level scam in regards to how technical the malicious author needs to be."

Final Take
Chantal Tode is associate editor on Mobile Marketer, New York

Associate Editor Chantal Tode covers advertising, messaging, legal/privacy and database/CRM. Reach her at chantal@mobilemarketer.com.

 
Related content: Content, Malicious QR codes, Kaspersky Labs, Tim Armstrong, mobile marketing, mobile

  • Trackback url: http://www.mobilemarketer.com/cms/trackback/11296-1
  • | Follow us on Twitter |

Comments on "Malicious QR code campaigns threaten legitimate marketers"

  1. peter coombs says:

    October 31, 2011 at 12:19pm

    Yes its more of a problem as unlike other malicous links that you can see and make a judgement whether its bogus - this you can't
  2. Bryan Jackson says:

    October 25, 2011 at 12:44am

    As I see it (sadly) it's going to spawn a whole new industry as there will now need to be QR code validation and certificates services.
Please click here to download now!