QR codes may offer a useful way to look up information, but they can also be abused by fraudsters to lure users to malicious websites.
A study by researchers from Northeastern University in 2013 found that QR codes are already being used by attackers to distribute malware or direct users to phishing sites.
Based on an analysis of 14 million web pages, 0.16 per cent of the QR codes were designed to facilitate one or more types of malicious activities, such as directing users to phishing sites or distributing malware to vulnerable devices.
While the number of malicious QR codes remains relatively small, any security threat should not be taken lightly, especially since cybercriminals can also use URL shortening services to disguise the web addresses stored in QR codes.
Last week, IT security company Kaspersky launched a new QR code scanner app that checks for malicious QR codes.
Here’s how it works: As soon as the square shape of a QR code becomes visible to the device’s camera, the app responds by checking the information encoded in the QR code.
If everything is fine, the app opens the page. If the link leads to a phishing or a malicious site, the user will see a warning notification. Besides detecting web addresses, the scanner will also pick up any embedded text and contact information.
The app, available for Android and iOS devices, recognised QR codes quickly, though we haven’t encountered any malware – thankfully.
So, if you’re looking for a QR code scanner, it’s worth giving the Kaspersky QR Scanner a shot. Its security feature gives it a leg up over other barcode scanners in the market.
