Thursday, March 27, 2025
HomeCyber Security NewsHackers use Malicious QR Codes to Retrieve Employee Credentials

Hackers use Malicious QR Codes to Retrieve Employee Credentials

Published on

SIEM as a Service

Follow Us on Google News

Hackers use Malicious QR Codes to Retrieve Employee Credentials. Sophisticated technology has been overwritten by simple technologies like QR replacing Barcodes. QR (Quick Response) has been playing a major role in the current generation, which provides the response within a snap.

Speaking of the speed QR codes provide, hackers adapting themselves to it for conducting phishing attacks has increased. Researchers at Inky have seen the latest phishing campaign with QR codes for stealing credentials from employees.

QR Phishing Campaign

The recent QR phishing campaign comes from hijacked organizational accounts which impersonate large brands like Microsoft, Sharepoint, or others.

Based on their analysis, the phishing campaigns originated from a hijacked Japanese retail store, an American manufacturer, and a digital marketing service company in Canada.

QR Phishing campaign

Altogether, these phishing campaigns account for more than 545 emails originating from hijacked accounts, which are found to be a “spray and pray” attack by the attackers.

Image-based QR Phishing

One of the most unique techniques followed in this phishing campaign is that these emails do not contain any text in them. Instead, the email contains only an image of the Malicious QR Codes and the text, which evades any text-based phishing detection

These emails additionally require an OCR (Optical Character Recognition) to convert the words in the image to text which is then used for checking phishing texts.

To make this phishing campaign more legitimate to the victims, they have added a parameter in the URL with the victim’s email ID that automatically fills in the email address and name of the victim. This convinces any person who doesn’t have an awareness of phishing.

Parameter changed to [batman@batman.com] by Inky researchers

Inky has published a complete analysis of the phishing campaign. Individuals must train to protect themselves from these kinds of malicious phishing attempts.

“AI-based email security measures Protect your business From Email Threats!” – .

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

G2 Names INE 2025 Cybersecurity Training Leader

INE, a global leader in networking and cybersecurity training and certifications, is proud to...

Threat Actors Compromise 150,000 Websites to Promote Chinese Gambling Platforms

A large-scale cyberattack has compromised approximately 150,000 legitimate websites by injecting malicious JavaScript to...

New FamousSparrow Malware Targets Hotels and Engineering Firms with Custom Backdoor

ESET researchers have uncovered new activity from the China-aligned APT group FamousSparrow, revealing two...

New Research Links RansomHub’s EDRKillShifter to Established Ransomware Gangs

ESET researchers have connections between the newly emerged ransomware-as-a-service (RaaS) group RansomHub and established...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Threat Actors Compromise 150,000 Websites to Promote Chinese Gambling Platforms

A large-scale cyberattack has compromised approximately 150,000 legitimate websites by injecting malicious JavaScript to...

New FamousSparrow Malware Targets Hotels and Engineering Firms with Custom Backdoor

ESET researchers have uncovered new activity from the China-aligned APT group FamousSparrow, revealing two...

New Research Links RansomHub’s EDRKillShifter to Established Ransomware Gangs

ESET researchers have connections between the newly emerged ransomware-as-a-service (RaaS) group RansomHub and established...