September 29, 2023

Cybersecurity researchers uncovered a big phishing marketing campaign utilizing malicious QR codes with the hopes of buying Microsoft credentials at a number of targets, together with a significant U.S. vitality firm.

QR codes have turn out to be broadly adopted for the reason that onset of the COVID-19 pandemic, with 1000’s of eating places and companies changing bodily menus and guides with the machine-readable photos that pull up webpages containing the identical data.

However hackers have been fast to use the development, launching campaigns that unfold faux QR codes to steal person data.

Cybersecurity agency Cofense launched a brand new report on Wednesday figuring out a marketing campaign that started in Could concentrating on a big selection of industries. The hackers despatched 1000’s of emails containing malicious QR codes to firms, which took customers to a Microsoft credential phishing web page.

The report’s creator, Cofense cyber risk intelligence analyst Nathaniel Raymond, instructed Recorded Future Information that they had been unable to attribute the marketing campaign to a particular risk actor however discovered similarities to a earlier marketing campaign that used instruments from firms in Russia.

Examples of QR codes used within the marketing campaign. Picture: Cofense

“This marketing campaign initially appeared in small numbers however ultimately grew to a quantity far past what is generally seen in campaigns of the same stage, making it stand out,” Raymond mentioned, including that the variety of emails despatched out has grown by about 270% every month.

Raymond declined to call the vitality firm that was attacked however mentioned that about 29% of the emails they tracked as a part of the marketing campaign had been despatched to the vitality firm.

The researchers mentioned the manufacturing business noticed one other 15% of the emails whereas insurance coverage, tech and monetary companies corporations additionally noticed sizable parts of the marketing campaign’s site visitors.

Raymond famous that it’s doubtless different organizations are being attacked by the risk actors with the identical marketing campaign however their percentages are primarily based on the emails Cofense noticed.
The emails lured victims by showing to narrate to account safety updates. The QR code took victims to a faux Microsoft web page asking for credentials.

The researchers famous that QR codes haven’t usually been utilized by hackers at this scale, however risk actors could also be testing out the tactic due to its effectiveness compared to extra conventional hyperlinks embedded in most phishing emails.

They famous that QR codes have a “significantly better likelihood of reaching an inbox because the phishing hyperlink is hiding contained in the QR picture, whereas the QR picture is embedded inside a PNG picture or PDF attachment.”

Most cell units should not regulated by employers, placing them exterior of the safety of the enterprise setting, the researchers defined.

Screen Shot 2023-08-16 at 3.58.49 PM.png
Picture: Cofense

The hackers additionally encoded the phishing hyperlinks in redirects in order that when victims flash their digicam over the QR code, the hyperlink that seems appears to be like authentic.

SafeBreach CISO Avishai Avivi mentioned the report represented an attention-grabbing improvement in how malicious actors function, noting that the pandemic has made QR codes ubiquitous.

“Customers, by now, are used to responding to those codes by merely pulling their smartphones and scanning the code. This motion is completed with little concern about whether or not these codes are malicious,” Avivi mentioned.

“This tendency to scan any QR code introduced to the person raises issues as some purposes, together with safety controls, additionally use QR codes to perform totally different duties. These duties embrace confirming id, enrolling an authenticator software, and extra. A malicious code can bypass or divert the person to carry out an motion they didn’t intend to execute.”

Get extra insights with the

Recorded Future

Intelligence Cloud.

Study extra.

Jonathan Greig

Jonathan Greig is a Breaking Information Reporter at Recorded Future Information. Jonathan has labored throughout the globe as a journalist since 2014. Earlier than shifting again to New York Metropolis, he labored for information shops in South Africa, Jordan and Cambodia. He beforehand lined cybersecurity at ZDNet and TechRepublic.