Malicious QR codes are redirecting to phishing sites hosted by the threat actors for obtaining financial credentials and personal information of users...

Continue reading
Quick Response (QR) codes have been growing in prominence to become an emerging attack vector primarily targeting users across the USA. The Federal Bureau of Investigation (FBI) has raised alarms earlier this week following the public service announcement (PSA) released by the Bureau's Internet Crime Complaint Center (IC3).
According to the federal law enforcement agency _"Cybercriminals are tampering with QR codes to redirect victims to malicious sites that steal login and financial information,"_.
Threat actors are maliciously crafting the QR codes intended to capture the financial & personal details of the users who scan the same for payment to any businesses, as mentioned in the notification of the FBI. Moreover, the intended QR codes are designed to stealthily install malware on the devices or even redirect all the payments to the accounts regulated by the threat actors behind anyone's attention.
As soon as someone scans the legitimate-looking QR code, it quickly redirects the end-user to a phishing site designed & developed by the threat actors, and further promptly tricked to enter the login credentials and even financial information, making it a step easier for threat actors to hijack the bank accounts.
Additionally, the FBI highlighted that _"While QR codes are not malicious in nature, it is crucial to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code,"_.
However, it is highly advised to stay vigilant while making any payments digitally through scanning QR codes as _"Law enforcement cannot guarantee the recovery of lost funds after transfer."_
Following the scanning of QR codes, always pay close attention to the redirecting URL, be cautious before entering any details and also try making sure that there aren't any malicious codes overlying the physical QR codes. Installation of apps primarily through scanning QR codes and/or downloading third-party QR code scanners should be reconsidered by all means to avoid being prey. And as a safety practice, always try to insert URLs manually, especially when making payments, instead of scanning a QR code that could be a malicious setup to redirect you to phishing sites.
In pursuit to keep pretty much everyone alerted about the QR code online scams, the FBI also issued another PSA in November last year focusing on the worst-case scenarios resulting from scanning malicious QR codes and how to verify its overall authenticity.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation