The Hidden Danger of PDF Files with Embedded QR Codes


The SonicWall Capture Labs threat research team has been observing PDF files with QR codes being abused by malware authors to deceive users for a long time.

QR codes are increasingly popular due to their versatility and ease of use. Beyond payments and feedback, QR codes have a wide range of applications across various industries such as marketing, retail, education, healthcare, hospitality, transportation, real estate, public services, entertainment, business operations, personal use etc. Malware authors are efficiently taking advantage of its popularity. Sonicwall researchers observed that a lot of PDF files are coming from emails (fax) containing QR Codes asking users to scan with smart phone camera.

Read more…
Source: Sonicwall


Sign up for our Newsletter


Related:

  • Ransomware attack shuts down The Superior Court of Los Angeles County

    July 22, 2024

    The Superior Court of Los Angeles County will be closed on Monday as they continue to recover from a ransomware attack that happened last week. Because of this, all 36 courthouse locations across LA County will be closed to start the week as work continues on the repair and reboot of network systems that were shut ...

  • Cybercriminals quickly exploit CrowdStrike chaos

    July 20, 2024

    Who loves a global outage? Phishers, fraudsters and all manner of creeps Criminals didn’t waste any time taking advantage of the CrowdStrike-Microsoft chaos and quickly got to work phishing organizations and spinning up malicious domains purporting to be fixes.… Just hours after a faulty CrowdStrike file shut down Windows machines around the globe, reports surfaced of ...

  • Number of data breach victims goes up 1,000%

    July 19, 2024

    Nope, that headline’s not a typo. Over one thousand percent. The Identity Theft Resource Center (ITRC) tracked 1,041,312,601 data breach victims in Q2 2024, an increase of 1,170% over Q2 2023 (81,958,874 victims). The ITRC is a national non-profit organization set up with the goal of minimizing the risk and mitigating the impact of identity compromise. ...

  • North Korean hackers are targeting Apple Mac devices with updated malware

    July 19, 2024

    North Korean state-sponsored threat actors are once again setting up fake job interviews in a bid to infect unsuspecting victims with infostealing malware – but this time around, they are focusing on Apple users. Cybersecurity researcher Patrick Wardle recently discovered a new variant of BeaverTail, a known infostealer capable of grabbing sensitive information from web browsers ...

  • APT41 Has Arisen From the DUST

    July 18, 2024

    Recently, Mandiant became aware of an APT41 intrusion where the malicious actor deployed a combination of ANTSWORD and BLUEBEAM web shells for persistence. These web shells were identified on a Tomcat Apache Manager server and active since at least 2023. APT41 utilized these web shells to execute certutil.exe to download the DUSTPAN dropper to stealthily load ...

  • MediSecure reveals 12.9 million Australians had personal data stolen in cyber attack earlier this year

    July 18, 2024

    eScript provider MediSecure has revealed the personal data of 12.9 million Australians was stolen by hackers earlier this year, making it one of the largest cyber breaches in Australian history. MediSecure, which facilitates electronic prescriptions and dispensing, confirmed it was the victim of a large-scale data breach in May. The company had previously not disclosed how ...