YNOT – Leave it to the black hats: The moment a piece of technology becomes popular or useful, someone will figure out a way to subvert it.
The marketing darling of the moment, Quick Response — or QR — codes, became the latest victim this week when anti-virus researchers at Kaspersky Lab uncovered an Android-based Trojan hiding on sites to which some QR codes redirect users.
QR codes seem to be everywhere lately: on product packaging, in magazine and newspaper ads, on websites, on the sides of city buses and even on billboards. Typically, users may scan the black-and-white matrix barcodes with their QR-enabled mobile devices and automatically be whisked to an online destination containing more information.
According to Kaspersky analyst Denis Maslennikov, infected QR codes “are gaining in popularity.” The technique has been dubbed “attaging,” a contraction of “attack tagging.” Like most other malware, the Trojans distributed via QR links are examples of savvy social engineering in pursuit of a profit. The QR scheme Kaspersky uncovered installs either a variant of the Jimm mobile ICQ client or a J2ME SMS Trojan on Android-based mobile phones. Once installed, the software surreptitiously sends SMS messages to premium-rate numbers, potentially netting the cybercriminals a tidy sum.
Evidently, the coders are Russian, Maslennikov noted.
“Usage of QR codes for malware spreading was predictable,” Maslennikov wrote on Kaspersky’s SecureList blog. “And as long as this technology is popular, cybercriminals will use it. These two examples illustrate the very beginning of such usage, and in the nearest future likely we will see more pieces of mobile malware which is spread via QR codes.”
