Beware of Smartphone Malware Lurking Behind Quick Response (QR) Scan Codes

An increasing amount of those popular QR scan codes, or 'block bar codes', are becoming an easy way for hackers to spread malware on smartphone devices.

Do you have a smartphone with a camera and an app that allows you to scan QR block barcodes (as shown in the QR code image to the right)? Chances are, if you are the least bit tech savvy, you have utilized your smartphone to scan QR barcodes at one point and time. You probably scanned the QR code hoping that you would score some type of deal, get some additional information on a product, or redirect you to some magical fairytale-land website that grants you 3 wishes. If you do not have your head in the clouds in some type of fairytale land, you may realize that an increasing amount of these QR codes have become the tool for utter confusion at the hands of hackers who peddle malicious software.

QR code stands for 'Quick Response' code, which is a matrix barcode (two dimensional code) originally designed for the automotive industry. Since its original conception, the QR code has widely become popular for a quick way to utilize a scan tool or smartphone (with built-in camera and scanning app) to scan for product information, commercial tracking, entertainment ticketing and even in-store labeling. QR codes may store an abundance of information such as a sequence of numbers, letters, words, full sentences and even URL website addresses.

More recent QR codes found over the Internet or on random advertisements mostly include website addresses sometimes leading computer users to web pages containing additional information about a specific item online. On the flip side of all things good and wonderful, there lies the evildoers taking advantage of what a QR code is essentially capable of.

The Dangers of Malicious QR Scan Codes

Virtually anyone, including hackers, can construct a QR code provided they have the proper software or QR creator website address to do so. Cyber criminals and hackers have recently taken QR code to a new level by embedding malicious URL links. Because a QR code cannot be deciphered by a person, an electronic device such as a smartphone is needed to determine if the QR code contains a link. If the link within a QR code is malicious, it is usually too late to avoid it because most smartphones by default will automatically load the scanned code.

Just think, if you have an Android smartphone and you happen to scan a malicious QR code, your phone's Android OS could be susceptible to automatically downloading a malicious app. Basically, because Android OS is an open platform, cybercriminals could exploit weaknesses with then Android browser and transmit malicious apps through the QR codes that target Android-based smartphones. These malicious apps could be designed to pilfer private data stored on your phone or even record login information if you ever utilize your device to access online banking.

How to Avoid QR Scan Code Malware

As you may already know, smartphones running the Android operating system are susceptible to malicious apps and software exploits. Increasingly so, hackers are busy finding new and creative ways to exploit these devices and the QR code can be used just as easy as previous ways to exploit or infect Android OS smartphones.

Avoiding malicious QR codes can be an easy task by just simply making a pact to avoid scanning any of the barcodes. But who wants to give up the ability to fundamentally make life easier by taking advantage of what legitimate QR codes have to offer? The best thing smartphone users can do is to utilize an app for scanning QR codes that displays the URL before loading it. Most QR scan apps will automatically redirect your smartphone's browser to the embedded QR code URL, which may directly lead to the download and installation of a malicious app. Using QR code scan app that display the URL beforehand will give you a chance to make a determination if the URL is identified as legitimate. In many situations, you may not be able to make that determination which is why it is not a good idea to scan QR codes from random stickers or walls. Sometimes even legitimate billboard areas have tampered QR codes that may lead to malicious sites.

As a last resort, you may consider installing and running a mobile security app on your smartphone. This will ensure that the open platform Android OS stays protected from all identified smartphone malware.

How often do you scan QR codes? Have you ever scanned a QR code and landed on a site that appeared to be malicious or contained explicit content? Share your experience by commenting below.