A new report from AVG suggests you should think twice before using your handset to scan unknown Quick Response (QR) codes. The Global Community Powered Threat Report for the fourth quarter of 2011 found an increase in mobile-related malware, with around a million malicious events during the end of last year. Some 78% of those infections were distributed through rooting tools, while traditional malware represented 14% and hacking tools filled the remaining 8%.
It's unclear how much malware spread by QR codes in late 2011, but AVG reports that it's an ideal distribution method for nefarious software and it expects the practice to grow throughout 2012. Users are unaware of what the code contains until the malware has already gained foothold. The point being, QR codes aren't as safe as you might expect them to be. The security firm likens scanning unknown QR codes to running an unfamiliar executable on your computer.
The company offers one example from September 2011, when malware spread through QR codes on a Russian website and forums. The code directed victims to a download location for an infected version of the Jimm mobile ICQ client. The malware sent SMS messages to premium numbers. AVG notes that even codes you believe are safe present some level of risk because malware writers can compromise a website and replace legitimate codes with malicious ones.
The 26-page report (PDF) contains plenty of other stats, including a breakdown on the threat of stolen digital certificates on Android with three real-world example cases. The Blackhole toolkit represented the largest threat during the reporting period, accounting for nearly 48% of malware activity and over 80% of all toolkits found. The US remains the largest source of spam, now followed by the UK, which jumped from fourth to second place in one quarter, overtaking India and Brazil.
"In Q4 we clearly saw the convergence between computers and mobile phones applies to malware too. As phones become more like computers, so do the risks," AVG said. "Many sophisticated tricks of the trade from computers are now being repurposed for phones. However, as phones are often tied into billing systems the gains can be far greater." "At AVG we believe our role is to give people the tools and peace of mind to enjoy their online experience," said CEO JR Smith.