QR tags used by cyber criminals

The marketing tags can be used to steer victims to malicious sites

Quick Response (QR) tags, an important tool in interactive marketing, can be targeted and manipulated by cyber criminals to steer victims to malicious web sites, researchers have warned.

A demonstration posted on mobile security blog Kaotic Neutral last week by researcher Augusto Pereyra showed how a practical attack would link a malicious QR tag to an internet-based server.

He said similar attacks could be used to target vulnerable mobile devices that scan QR tags.

The postage-stamp sized, matrix style barcodes are easily generated and placed as stickers over legitimate QR tags for both small and large-scale attacks on personal and financial identity.

Using such simple means, cyber criminals skilled at spear phishing and other advanced forms of cyber attack, can then use their own malicious QR tag to phish or pharm the unsuspecting smartphone user.