Malicious QR code campaigns threaten legitimate marketers
The growing popularity of QR codes among consumers and marketers has caught the attention of cybercriminals, with several malicious campaigns having popped up recently.
Internet security firm Kaspersky Labs first detected malicious Web sites containing QR codes for mobile apps at the end of September. While this is the first time the company has seen cybercriminals use QR codes, Kaspersky Labs says it is not likely to be last.
?There is a recognition that QR codes are starting to become popular all over the world,? said Tim Armstrong, malware researcher at Kaspersky Labs, Woburn, MA.
?Once people are comfortable using them, it makes sense for cybercriminals to come in and repurpose them for malicious purposes,? he said.
?Unfortunately, there is not a lot that marketers can do other than to make sure that the destination for the QR code is safe.?
The first malicious QR codes were detected in late September and by early October Kaspersky had detected several more, this time linked to malware for both Android and J2ME.
The first malicious QR code discovered by Kaspersky was found on a Russian Web site and was positioned as a way to let people download an instant messenger app. The app would send messages to a premium subscriber and the cybercriminals could collect between $5 and $10 per message.
?I don?t think people are very aware of the potential malicious nature of these codes,? Mr. Armstrong said. ?These are really just a way of getting somewhere and could become very popular as a means for repurposing existing scams in a new package.?
It might be possible for cybercriminals to create a site that looks like a company?s branded Web site and place malicious QR codes on it.
?We?ve seen a lot of quality content that mimics Twitter, Facebook and others,? Mr. Armstrong said. ?It looks so good, we have a hard time telling the difference.?
The best way for consumers to protect themselves is to be careful about what they are scanning.
Mr. Armstrong expects to see more malicious QR codes going forward.
?I think it will pick up because it is a very easy campaign to set up,? Mr. Armstrong said.
?Some of the malware that is out there is very complex to set up and manage,? he said. ?QR codes are a pretty low-level scam in regards to how technical the malicious author needs to be."
Chantal Tode is associate editor on Mobile Marketer, New York