PDF documents are being hijacked with malicious QR codes
Date:
Wed, 23 Oct 2024 16:09:00 +0000
Description:
Threat actors want victims accessing malicious sites with a mobile phone, since they are not always as protected.
FULL STORY ======================================================================
Cybersecurity experts have revealed a specific phishing tactic which has become increasingly popular - including malicious QR codes in .PDF files.
Researchers from Barracuda said that in the three months between June and September 2024, they observed (and later analyzed) more than half a million
of phishing emails employing this tactic.
By sharing QR codes in .PDF files, threat actors are doing a number of
things: first - they are evading detection from email security solutions, who can now scan the contents of images in the emails body, but not in the .PDF files attached; and second - they are tricking users into accessing malicious content via their mobile devices, which are generally less defended compared to their desktop counterparts. Shift in tactics
The overall theme of these attacks remains the same - the hackers would impersonate a major brand, and send out an email that warranted a swift reaction. That email could be a pending invoice, a payment notification, information about a bounced parcel, or something similar. The victims were urged to respond immediately, with further information being provided in the .PDF file attached.
Since .PDF files are not as dangerous as .EXE or .LNK files, they rarely
raise any suspicion with the victims. Opening the file up does nothing, but
it also shows nothing except the QR code, which the victim is enticed to scan with their mobile phone.
From there, the threat actors have an easier time navigating the victims to malicious landing pages, fake login sites, or places where malware can be downloaded.
Barracuda also says that certain industries such as finance, healthcare, or education, are being increasingly targeted these days, due to the sensitive data they handle. The researchers also said small-and-medium businesses
(SMBs) were particularly vulnerable given the lack of advanced security tools needed to defend against such sophisticated attacks.
The shift in tactics from embedding QR codes in the body of an email to attaching them in PDF documents makes it harder for traditional defenses to identify and block these attacks before they reach employees, the researchers concluded. More from TechRadar Pro QR Code phishing is advancing to a new level, so be on your guard Here's a list of the best firewalls today These
are the best endpoint protection tools right now
======================================================================
Link to news story:
https://www.techradar.com/pro/security/pdf-documents-are-being-hijacked-with-m alicious-qr-codes
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)