The SonicWall Capture Labs threat research team has been observing PDF files with QR codes being abused by malware authors to deceive users for a long time.
QR codes are increasingly popular due to their versatility and ease of use. Beyond payments and feedback, QR codes have a wide range of applications across various industries such as marketing, retail, education, healthcare, hospitality, transportation, real estate, public services, entertainment, business operations, personal use etc. Malware authors are efficiently taking advantage of its popularity. Sonicwall researchers observed that a lot of PDF files are coming from emails (fax) containing QR Codes asking users to scan with smart phone camera.
Read more…
Source: Sonicwall
Related:
- Keyloggers Turn to Zoho Office Suite in Droves for Data Exfiltration
October 2, 2018
An extremely high number of keylogger phishing campaigns have been seen tied to the Zoho online office suite software; in an analysis, a full 40 percent spotted in the last month used a zoho.com or zoho.eu email address to exfiltrate data from victim machines. A Cofense analysis, published Tuesday, of popular keylogging malware – which records ...
- World Cup may have distracted malware hackers
October 2, 2018
This holiday season, together with the 2018 World Cup that took place in Russia, may have lulled hackers, cyber security researchers are claiming. New research from Cofense says that the distribution of TrickBot saw a significant drop during the World Cup. TrickBot is a banking malware known by constantly being updated and transformed. From April, up until ...
- Microsoft Detection Tools Sniff Out Fileless Malware
October 2, 2018
Microsoft recently reported that their advanced threat protection tools were able to detect and block two heavily obfuscated and malicious scripts. The threats were apparently using the Sharpshooter technique, which was documented and published in a 2017 blog post from a British security firm. A report from the company details the elusive payload—it did not trigger antivirus scanning, was loaded ...
- GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers
October 1, 2018
Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials. Dubbed GhostDNS, the campaign has many similarities with the infamous DNSChanger malware that works by changing DNS server settings ...
- Report Ties North Korean Attacks to New Malware, Linked by Word Macros
October 1, 2018
Newly discovered malware from the world of cyberespionage connects the dots between the tools and operations of the little-known Reaper group believed to act on behalf of the North Korean government. The latest findings indicate that the remote access Trojans (RAT) in the KONNI and DOGCALL families are the work of the same operator, tasked with ...
- An insider view of a cybersecurity training workshop for employees of Europe’s transmission system operators.
October 1, 2018
After the hackers had stealthily accessed the SCADA system and blew the transformer with a loud bang, the defenceless employees had no option but to remove the control plugs and manually turn the machine back on. “That’s what they had to do in Ukraine,” said Michael John, Director of Operations at the European Network for Cybersecurity (ENCS), referring to the world’s ...