New Security Threat: Infected QR Codes

Be careful the next time you scan a QR code, because it might just cost you money and wreak havoc on your smartphone.
Thats the warning from Kaspersky Lab, which has noticed the first instance of QR code tampering. The incident took place in Russia last month and hoodwinked consumers who thought they were downloading an Android app called Jimm. The code actually contained malware that sent SMS codes to a premium rate number that charged for each message.
Tim Armstrong, a malware researcher at Kaspersky, says premium rate numbers operate similar to 900 numbers in the U.S. The four- to five-digit numbers charge for each incoming text, wringing cash out of unsuspecting users. Armstrong says that its much more difficult to set up such numbers in the U.S., but cyberthieves will soon be able to create global premium rate numbers that could theoretically attack American consumers the same way. Infected QR codes could also be used for phishing scams, Armstrong says.
Robert Siciliano, an online security analyst at McAfee, says that infected QR codes are new on the scene. Its just hitting the radar in the security community, he says, adding that its a pretty brilliant scheme.
Both Armstrong and Siciliano say that consumers shouldnt be over-cautious about QR codes at this point. Armstrong notes that theres a interim step between scanning the code and launching an app in which consumers can determine if theyve been scammed. If its a game and its requesting SMS, then you know somethings wrong, he says. Siciliano, meanwhile, says a good rule is only to click on QR codes by a known vendor or advertiser.
QR codes are more popular in Asia and Europe than in the U.S., but many advertisers, including Taco Bell and Calvin Klein, among others, have employed them. Theyve also showed up on rooftops and on a tombstone.
Image courtesy of iStockphoto, youngvet
More About: phishing, QR Codes, security, trending