AVG: QR code-based malware attacks to rise in 2012

By on January 25, 2012, 6:30 PM

A new report from AVG suggests you should think twice before using your handset to scan unknown Quick Response (QR) codes. The Global Community Powered Threat Report for the fourth quarter of 2011 found an increase in mobile-related malware, with around a million malicious events during the end of last year. Some 78% of those infections were distributed through rooting tools, while traditional malware represented 14% and hacking tools filled the remaining 8%.

It's unclear how much malware spread by QR codes in late 2011, but AVG reports that it's an ideal distribution method for nefarious software and it expects the practice to grow throughout 2012. Users are unaware of what the code contains until the malware has already gained foothold. The point being, QR codes aren't as safe as you might expect them to be. The security firm likens scanning unknown QR codes to running an unfamiliar executable on your computer.

The company offers one example from September 2011, when malware spread through QR codes on a Russian website and forums. The code directed victims to a download location for an infected version of the Jimm mobile ICQ client. The malware sent SMS messages to premium numbers. AVG notes that even codes you believe are safe present some level of risk because malware writers can compromise a website and replace legitimate codes with malicious ones.

The 26-page report (PDF) contains plenty of other stats, including a breakdown on the threat of stolen digital certificates on Android with three real-world example cases. The Blackhole toolkit represented the largest threat during the reporting period, accounting for nearly 48% of malware activity and over 80% of all toolkits found. The US remains the largest source of spam, now followed by the UK, which jumped from fourth to second place in one quarter, overtaking India and Brazil.

"In Q4 we clearly saw the convergence between computers and mobile phones applies to malware too. As phones become more like computers, so do the risks," AVG said. "Many sophisticated tricks of the trade from computers are now being repurposed for phones. However, as phones are often tied into billing systems the gains can be far greater." "At AVG we believe our role is to give people the tools and peace of mind to enjoy their online experience," said CEO JR Smith.




User Comments: 7

Got something to say? Post a comment
NTAPRO NTAPRO said:

Lol is there no limit xD

motrin said:

something else we have to worry about..

stewi0001 stewi0001 said:

it makes me sad that people abuse technology and ruins its full (good) potential...

Emexrulsier said:

I think AVG need to shut up shop now and stop creating utter useless bs articles.

"AVG notes that even codes you believe are safe present some level of risk because malware writers can compromise a website and replace legitimate codes with malicious ones."

Hell that means even AVG application isn't safe because malware writers can compromise their website and replace legit downloads with their own ones. One complete utter bs!

tonylukac said:

We have a 20 year old tv. Now, communist capitalism wants you to replace your device every year or 2.

Guest said:

On spot, so true. Backing your stuff up is the best one can do. And never buy anything online.

Guest said:

This is just fear-mongering. A QR code is simply encoded text. If the use of the QR code is to direct the user to a webpage, that's a flaw of the operating environment or the operator to not check out the QR code content before doing something with the data contained within it.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.