Topic: QR Codes spread Malware to Smartphones

[Samker]

 

You’ve seen barcodes all your life. So you know what they look like: rectangles “boxes” comprised of a series of vertical lines. When a cashier scans a barcode, you hear a familiar beep and you are charged for that item.

A QR code looks different and offers more functionality. QR stands for “quick response.” Smartphones can download QR readers that use the phone’s built-in camera to read these codes. When the QR code reader application is open and the camera detects a QR code, the application beeps and asks you what you want to do next.

Today we see QR codes appearing in magazine advertisements and articles, on signs and billboards; anywhere a mobile marketer wants to allow information to be captured, whether in print or in public spaces, and facilitate digital interaction. Pretty much anyone can create a QR codes.

Unfortunately, that’s where the cybercriminals come in. While QR codes make it easy to connect with legitimate online properties, they also make it easy for hackers to distribute malware.

QR code infections are relatively new. A QR scam works because, as with a shortened URL, the link destination is obscured by the link itself. Once scanned, a QR code may link to an malicious website or download an unwanted application or mobile virus.


Here’s some ways to protect yourself from falling victim to malicious QR codes:

1. Be suspicious of QR codes that offer no context explaining them. Malicious codes often appear with little or no text.

2. If you arrive on a website via a QR code, never provide your personal or log in information since it could be a phishing attempt.

3. Use a QR reader that offers you a preview of the URL that you have scanned so that you can see if it looks suspicious before you go there.

4. Use complete mobile device security software, like for example: Avast, AVG, BitDefender, Norton etc. , which includes anti-virus, anti-theft and web and app protection and can warn you of dangerous websites embedded in QR codes. Visit SCforum's Mobile Security area for more info's & downloads: : http://scforum.info/index.php/board,28.0.html

(BlogHer)

[Pez]

Thjer is some info regarding the QR Code spred Malware in this article also and ther refairing article.
http://scforum.info/index.php/topic,7529.0.html

Ther is as simple as this to create your own QR code to a URL, SMS, Phone number or Text.
Her is a QR-Code Generator:
http://qrcode.kaywa.com/
Then it can be for any site or place that can have more and less every thing. So be ware!

Her is also a other article from McAfee that is about the QR code malware's.




Android Malware Spreads Through QR Code

Last week, there was quite a buzz in the mobile-malware researchers community about a new Android malware. It came to light not because of its sophistication or complexity but due to the simple method that it uses to spread.

Most Android malware we have witnessed are repackaged malicious apps made available in black markets or third-party markets. This latest Android malware follows the same repacking path as its precursors. The only difference with this malware is that it uses quick response (QR) code to distribute the malicious link. We have already discussed in a recent blog that QR code can be used by attackers to spread malicious files.

A QR code is a type of matrix barcode to store information. These codes are increasingly found on product labels, billboards, and business cards. Why are QR codes so popular? The amount of data they hold. QR codes can carry 7,089 numeric characters or 4,296 alphanumeric characters and can store up to 2KB of data.

All one needs is a smart phone with a camera and QR reader application to scan these codes. The codes can direct users to websites or online videos, and send text messages and emails.



If you scan the QR code above with any QR code reader using your smart phone, it will redirect you to our site http://www.mcafee.com Attackers use these codes to redirect users to URLs that ask users to download malicious applications.



Analyzing the payload

Once users download a malicious application onto their mobile devices, they need to install it. This malicious app is the Trojanized Jimm application, which is a mobile ICQ client. The payload is nothing new, as we have already seen these behaviors in the past with other Android malware such as Android/FakePlayer.A and Android/HippoSMS.A. The latter sends SMS’s to premium numbers.



This malicious application requires the following user permissions:



User permission request by the application

Once installed, the malware sends an SMS to a premium number that charges users. The application has the following icon:



The application icon

We have also seen the JAR version of this application; it targets the J2ME mobile phones and sends SMS’s to premium numbers. When I installed the malicious .jar package in a test environment, it displayed the following message:



Installing the malicious application

It prompted me to select a country and then displayed the next message:



Finally the malware tries to send messages to premium numbers from the infected mobile. Because I was executing this application in a controlled environment, it told me I didn’t have a sufficient balance in my account to send the message.  But I did confirm that it tried to send messages, as seen below:



In the recent blog about QR codes by my colleague Jimmy Shah, he suggested how to stay away from such attacks. Our advice has not changed: Use a mobile QR code-/barcode-scanning app that previews URLs, and avoid scanning suspicious codes.

McAfee products detect these malware in our latest DATs as Android/SMS.gen and J2ME/Jifake.a.


Orginal article: Monday, October 24, 2011 at 11:15am by Arun Sabapathy