Welcome to IT-Branschen – The Channel for IT News, Cybersecurity and Digital Trends

New method of cyberattacks – split or encapsulated QR codes

Security experts at Barracuda have discovered two new techniques used by cybercriminals to make malicious QR codes evade detection in phishing attacks. According to a new report, they involve either splitting a malicious QR code into two parts to confuse traditional security systems, or encapsulating the malicious QR code inside or around another legitimate QR code.

Quishing is a form of phishing where QR codes contain malicious links that, when scanned, take the user to fake websites – built to steal login credentials or other sensitive information. According to the analysts, the new methods are being used in attacks based on the established phishing-as-a-service (PhaaS) tools Tycoon and Gabagool.

Split QR codes
The Gabagool group used the split QR code technique in a fake Microsoft password reset campaign. The QR code is split into two separate images that are placed close together in a phishing email. To the recipient, it looks like a single QR code, but security systems perceive it as two innocent images. If the user scans the code, they are taken to a fake website that attempts to steal login credentials.
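
One way a mail filter could catch the split technique is to look for QR finder patterns in each image and try rejoining fragments before decoding. The sketch below is an added example, not code from Barracuda or the report. It assumes each image has already been binarised to one character per QR module, and the file names and sample grid are constructed.

```python
from itertools import permutations

# 7x7 QR finder pattern (1 = dark module); every complete QR code has three.
FINDER = ["1111111", "1000001", "1011101", "1011101", "1011101", "1000001", "1111111"]

def find_finders(grid):
    """Return (row, col) of every exact finder-pattern match in a module grid."""
    hits = []
    for r in range(len(grid) - 6):
        for c in range(len(grid[0]) - 6):
            if all(grid[r + i][c:c + 7] == FINDER[i] for i in range(7)):
                hits.append((r, c))
    return hits

def is_complete_qr(grid):
    """Square grid with finders in the top-left, top-right and bottom-left corners."""
    n = len(grid)
    return len(grid[0]) == n and set(find_finders(grid)) == {(0, 0), (0, n - 7), (n - 7, 0)}

def stitch(a, b):
    """Yield the side-by-side and stacked joins of two fragments that fit together."""
    if len(a) == len(b):
        yield [ra + rb for ra, rb in zip(a, b)]
    if len(a[0]) == len(b[0]):
        yield a + b

def find_split_qr(images):
    """Return (first, second) names of fragment pairs that rejoin into a complete QR."""
    partial = {name: g for name, g in images.items()
               if find_finders(g) and not is_complete_qr(g)}
    return [(x, y) for x, y in permutations(partial, 2)
            if any(is_complete_qr(s) for s in stitch(partial[x], partial[y]))]

def sample_qr(n=21):
    """Constructed stand-in for a QR symbol: three finders over a checkerboard fill."""
    g = [[str((r + c) % 2) for c in range(n)] for r in range(n)]
    for r0, c0 in ((0, 0), (0, n - 7), (n - 7, 0)):
        for i in range(7):
            g[r0 + i][c0:c0 + 7] = FINDER[i]
    return ["".join(row) for row in g]

full = sample_qr()
images = {  # constructed email attachments: the code cut at column 10, plus a blank logo
    "left.png": [row[:10] for row in full],
    "right.png": [row[10:] for row in full],
    "logo.png": ["0" * 12] * 12,
}
print(find_split_qr(images))  # pairs to rejoin, decode and URL-scan as one code
```

Each fragment on its own carries finder patterns but fails the three-corner check, which is why scanning the images separately finds nothing to decode.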

Nested QR codes
The Tycoon tool instead uses an encapsulation technique in which a malicious QR code surrounds a legitimate QR code. The outer QR code leads to a malicious URL, while the inner one goes to Google. The technique makes it harder for a scanner to determine which is malicious because the result is ambiguous.

Example of a split QR code

“Malicious QR codes are popular with attackers because they look legitimate and can bypass traditional security measures like email filters and link scanners. Since the recipient often needs to switch to a mobile device to scan the code, protection is weak. Attackers continue to develop new techniques to stay ahead of the curve. One way to expose them could be through integrated, AI-powered solutions,” said Saravan Mohankumar, head of Barracuda's Threat Analysis team.

Example of a nested QR code used in a phishing attack

Defense against advanced QR attacks
In addition to basics like security awareness training, multi-factor authentication, and effective spam and email filters, Barracuda recommends that organizations implement multi-layered protection solutions with multimodal AI. This technology can identify, decode and analyze QR codes without first extracting the content, making it easier to detect rapidly evolving threats.
