The Hidden Danger of PDF Files with Embedded QR Codes


The SonicWall Capture Labs threat research team has been observing PDF files with QR codes being abused by malware authors to deceive users for a long time.

QR codes are increasingly popular due to their versatility and ease of use. Beyond payments and feedback, QR codes have a wide range of applications across various industries such as marketing, retail, education, healthcare, hospitality, transportation, real estate, public services, entertainment, business operations, personal use etc. Malware authors are efficiently taking advantage of its popularity. Sonicwall researchers observed that a lot of PDF files are coming from emails (fax) containing QR Codes asking users to scan with smart phone camera.

Read more…
Source: Sonicwall


Sign up for our Newsletter


Related:

  • October 2018’s Most Wanted Malware: For The First Time, Remote Access Trojan Reaches Top 10 Threats

    November 13, 2018

    For the first time, Check Point threat intelligence researchers found that a remote access Trojan (RAT) has reached the Global Threat Index’s Top 10.  Dubbed “FlawedAmmyy”, this type of attack allows attackers to remotely control the victim’s machine– gaining full access to the machine’s camera and microphone, collecting screen grabs, stealing credentials and sensitive files, ...

  • Microsoft patches Windows zero-day used by multiple cyber-espionage groups

    November 13, 2018

    Microsoft released today its monthly roll-up of security patches known as Patch Tuesday. This month, the Redmond-based company has fixed 62 security flaws. Among the 62 fixes, there is also a fix for a zero-day vulnerability that was under active exploitation before today’s patches were made available. The zero-day, tracked as CVE-2018-8589, impacts the Windows Win32k component. Microsoft ...

  • Using Machine Learning to Cluster Malicious Network Flows From Gh0st RAT Variants

    November 13, 2018

    Cybercriminals have become more and more creative and efficient in their efforts to successfully bypass network security. Reports of unauthorized network intrusions that have compromised enterprise security, resources, and data, plague experts on a day-to-day basis, and will continue to do so if not prevented by a more efficient detection system or method. Currently, attackers use polymorphism, ...

  • EUROPOL: Internet Organised Crime Threat Assessment 2018

    November 12, 2018

    It is my pleasure to introduce the 2018 Internet Organised Crime Threat Assessment (IOCTA), not only as it is the fifth anniversary edition of the report, but also my first as the Executive Director of Europol. The IOCTA has been and continues to be a flagship strategic product for Europol. It provides a unique law enforcement ...

  • The White Company: Inside the Operation Shaheen Espionage Campaign

    November 12, 2018

    In a new collection of extensive research reports, the Cylance Threat Intelligence Team profiles a new, likely state-sponsored threat actor called The White Company – in acknowledgement of the many elaborate measures they take to whitewash all signs of their activity and evade attribution. The report details one of the group’s recent campaigns, a year-long espionage ...

  • IoT security: Why it will get worse before it gets better

    November 7, 2018

    There are billions of connected devices in use around the world, in our homes, our offices, even inside our bodies as medical devices are connected to an ever-growing internet of things (IoT). Vendors rush to add to the range of devices available, with many looking to gain a hold in the market as quickly as possible, delivering ...