Friday, February 21, 2025
HomeCyber Security NewsHackers use Malicious QR Codes to Retrieve Employee Credentials

Hackers use Malicious QR Codes to Retrieve Employee Credentials

Published on

SIEM as a Service

Follow Us on Google News

Hackers use Malicious QR Codes to Retrieve Employee Credentials. Sophisticated technology has been overwritten by simple technologies like QR replacing Barcodes. QR (Quick Response) has been playing a major role in the current generation, which provides the response within a snap.

Speaking of the speed QR codes provide, hackers adapting themselves to it for conducting phishing attacks has increased. Researchers at Inky have seen the latest phishing campaign with QR codes for stealing credentials from employees.

QR Phishing Campaign

The recent QR phishing campaign comes from hijacked organizational accounts which impersonate large brands like Microsoft, Sharepoint, or others.

Based on their analysis, the phishing campaigns originated from a hijacked Japanese retail store, an American manufacturer, and a digital marketing service company in Canada.

QR Phishing campaign

Altogether, these phishing campaigns account for more than 545 emails originating from hijacked accounts, which are found to be a “spray and pray” attack by the attackers.

Image-based QR Phishing

One of the most unique techniques followed in this phishing campaign is that these emails do not contain any text in them. Instead, the email contains only an image of the Malicious QR Codes and the text, which evades any text-based phishing detection

These emails additionally require an OCR (Optical Character Recognition) to convert the words in the image to text which is then used for checking phishing texts.

To make this phishing campaign more legitimate to the victims, they have added a parameter in the URL with the victim’s email ID that automatically fills in the email address and name of the victim. This convinces any person who doesn’t have an awareness of phishing.

Parameter changed to [batman@batman.com] by Inky researchers

Inky has published a complete analysis of the phishing campaign. Individuals must train to protect themselves from these kinds of malicious phishing attempts.

“AI-based email security measures Protect your business From Email Threats!” – .

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

SPAWNCHIMERA Malware Exploits Ivanti Buffer Overflow Vulnerability by Applying a Critical Fix

In a recent development, the SPAWNCHIMERA malware family has been identified exploiting the buffer...

Sitevision Auto-Generated Password Vulnerability Lets Hackers Steal Signing Key

A significant vulnerability in Sitevision CMS, versions 10.3.1 and earlier, has been identified, allowing...

NSA Allegedly Hacked Northwestern Polytechnical University, China Claims

Chinese cybersecurity entities have accused the U.S. National Security Agency (NSA) of orchestrating a...

ACRStealer Malware Abuses Google Docs as C2 to Steal Login Credentials

The ACRStealer malware, an infostealer disguised as illegal software such as cracks and keygens,...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

SPAWNCHIMERA Malware Exploits Ivanti Buffer Overflow Vulnerability by Applying a Critical Fix

In a recent development, the SPAWNCHIMERA malware family has been identified exploiting the buffer...

Sitevision Auto-Generated Password Vulnerability Lets Hackers Steal Signing Key

A significant vulnerability in Sitevision CMS, versions 10.3.1 and earlier, has been identified, allowing...

NSA Allegedly Hacked Northwestern Polytechnical University, China Claims

Chinese cybersecurity entities have accused the U.S. National Security Agency (NSA) of orchestrating a...