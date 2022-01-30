In the pandemic QR codes gained popularity. This module, an advance of the bar code, allows reducing the need for contact with surfaces that may have been manipulated by third parties and thus minimizing the risk of contagion.

Although they are very useful to show the menu of a restaurant or means of payment, for example, the computer security company Eset warned of the danger to which they are exposed: Cybercriminals can be used to trick their victims and commit fraud.

“Given the versatility of QR codes and the large number of actions that can be carried out, the range of possibilities for a cybercriminal is extremely wide. If we add to this the number of QR codes that we find in bars, restaurants, shops, hotels, airports and even payment platforms and health certificates, the attack surface expands even more”, said Cecilia Pastorino, security researcher computer from Eset.

So that you avoid falling into some type of scam, the company explains five Malicious actions that cybercriminals could perform with QR codes:

one- Redirect the user to a malicious website to steal information: just as attackers use malvertising or BlackHat SEO techniques to direct their victims to fraudulent sites, they could do the same with QR codes, especially if they are found in advertisements on the Internet. public roads or in the customer service areas of financial institutions.

two. Downloading a malicious file on the victim’s computer: Many bars and restaurants use QR codes for the user to download a PDF file with the menu or install an application to place the order. In this and similar contexts, an attacker could easily tamper with the QR code to entice the user to download a malicious PDF or install a rogue application.

3. Perform actions on the victim’s device: There are some basic actions that any QR reader is capable of interpreting. For example, connect the device to a Wi-Fi network, send an email or SMS with a predefined text, or save a contact on the device. Although these actions are not malicious, they could be used by an attacker to connect a computer to a compromised network, send messages on behalf of the victim or schedule a contact for later deception.

Four. Divert a payment or make money requests: most of today’s digital financial applications allow payments to be made through QR codes that contain the data of the recipient of the money. An attacker could modify this QR with their own data and thus receive the charges in their account. It could also generate codes with requests to collect money to trick buyers, as happened to some users who reported that they were scammed by sending a fake QR code to make a payment.

5. Steal a user’s identity or access to an application: Many QR codes are used as a certificate to verify information about a person, such as identity documents or health passes. In these cases, the QR codes contain information as sensitive as that found in an identity document or medical record, which an attacker could easily obtain by scanning the QR code.