Now, to be clear: there’s nothing inherently wrong with the QR code itself. The QR code is just a visual representation of data which gets passed to the phone — so even if there were some way to directly exploit QR codes, its effect would vary greatly based on how each respective platform handles the data passed to it.
Instead, the nasties are using QR codes to lure people into downloading Android malware. While some users are likely to assume that QR codes are unique to the Android market and thus be comfortable scanning them, these codes actually take you to an Android install package hosted on some third-party server. The QR code itself isn’t bad — but the link it’s obfuscating is.
Once downloaded, the dirty app (which, in the most recent case, was a hacked version of the Russian ICQ client, Jimm) begins firing off text messages to a premium number. Each text it sends (without your knowledge) sets you back around $5+. You can find an outline of the method by Kaspersky Labs here.
And Now You Have One More Reason To Ignore QR Codes TechCrunch
No comments:
Post a Comment