International. SonicWall has announced that its threat research team Capture Labs has identified PDF files with QR codes that are being exploited by cybercriminals.
More than 2.5 trillion PDF files are created each year, a format created in 1993 by Adobe System and which is still extremely popular. In 2023, 98% of companies stated that they would use this format to share internal and external documents. A study based on Google searches indicates that, in 2014, PDF was the most widely used format in the world, followed by .DOC and .XLS.
One evolution of this standard is the growing use of QR codes in the PDF universe. In addition to payments and feedback, QR codes have a wide range of applications in various industries, including marketing, retail, education, healthcare, hospitality, transportation, real estate, utilities, entertainment, business operations, personal use, and more.
Malware creators take advantage of this popularity. "We have noticed that many PDF files come from emails containing QR codes that ask users to scan them with their smartphone's camera. Some claim to be security updates, while others contain SharePoint links to sign documents," said Juan Alejandro Aguirre, Director of Engineering Solutions for SonicWall Latin America.
After scanning the QR code, a phishing URL appears in which the host, in this case, is bing.com. "It is a strategy to avoid security detections," explains Aguirre. From there, the user is redirected to the phishing page created by the digital criminals. The spoofing link opens a web page very similar to Microsoft's official sign-in page.
The next step is to ask users to enter their Microsoft account credentials, such as user ID and password. "The goal of criminals is to collect these credentials for malicious purposes, such as unauthorized access to the user's email, personal information, and sensitive corporate data," says Aguirre.
Scanning a malicious QR code can lead to a wide range of serious consequences; In these cases, users are asked to scan the code with a smartphone. The QR code scanning functionality on mobile devices can be leveraged to carry out actions without the user's explicit consent.
This includes:
- Automatic download and installation of malicious applications.
- Subscription of users to premium-rate SMS services, with consequent unexpected costs.
- Initiating calls to premium-rate numbers, with the consequent high costs.
- Theft of credentials.
- Exploitative attacks.
- Network engagement.
- Reputational damage.
- SonicWall Protections
"Thanks to the expertise of our SonicWall Capture Labs technicians, we were able to quickly publicize not only the exploit created by the criminals, but also the solution to this threat," says Aguirre, who adds that SonicWall customers can prepare for any breach that may occur due to this malware, thanks to the following signatures:
- MalAgent.A_1998 (Trojan).
- MalAgent.A_1999 (Trojan).
Leave your comment