Close

Beware QR codes as malware's tentacles spread further

Hackers are hijacking QR codes for evil, not good, as smartphone use proliferates – and using ever more sophisticated means to break into computers.

Web security specialist AVG says the latest threats to cybersecurity are malicious QR codes and rootkits, essentially dark versions of operating systems able to 'hide' from antivirus software. Hackers use rootkits to copy passwords, install malicious software and send spam from a computer. The only way to get rid of these pesky bugs is to re-install the system from scratch.

AVG became aware of the problem when a number of complainants said they’d downloaded malicious apps, after hackers replaced QR codes on unsuspecting Russian websites and forums distributing the apps.

“As phones become more like computers, so do the risks,” said AVG chief technology officer Yuval Ben-Itzhak.

“Many sophisticated tricks of the trade from computers are now being repurposed for phones. However, as phones are often tied into billing systems the gains can be far greater.”



While QR codes were convenient, he said they were vulnerable to lax mobile device security.

2011 saw a rise in the number of people using Android phones and the number of users unintentionally downloading malware software. During December Google removed 22 malicious apps from the Android market.

AVG says there were around one million malicious apps detected during the final 2011 quarter. The US is the largest source of spam, followed by the UK.

Michael McKinnon, security advisor at AVG (AU/NZ) said smartphone sales are outstripping the number of PCs sold.

"What many smartphone owners don't seem to realise is that they're walking around with the equivalent of a desktop PC from 5-8 years ago in their pockets, and the evolution of malware is also expanding into this new playing field.”