Watch out before scan: Emerging Malicious Use of QR Code by Cyber Criminals

Xiaolong Guo, Senior Security Engineer, Tencent

Lei Bi, Senior Security Engineer, Tencent

Mobile payment has been increasing rapidly in China. People can make payments simply by scanning a generated QR code. When traveling, shopping, or even riding a bike, all that is needed is to open the corresponding app and scan a secure code. Everyone can scan to pay, scan to use, and scan to share. QR codes, which are widely used in popular apps such as WeChat and Alipay in China, have brought great convenience, but have also led to more security issues than traditional payment approaches. Money is always the most important target for cyber criminals.

In this paper, we will present our recent study on QR Code Threats in China. The final presentation will include the following parts.

First, we give a comprehensive summary of the QR code based attacks that we have observed recently. Such attacks involve QR code phishing, QR code app exploits, social engineering tricks using QR codes, and malicious QR code links. We will show the different attack processes and how cyber criminals take advantage of QR codes to cheat people and steal money silently. Real case scenarios will be elaborated. This part aims to let readers quickly comprehend why QR code safety is a critical issue in today's cyber world.

Next, we will talk about our analysis of QR code related malware samples intercepted by our Antivirus Lab. Detailed malware statistics will be provided. We will show the technical details and related code examples, and summarize the techniques commonly used by malware. How malware utilizes fake codes, how Trojans threaten banking apps, and how malware disguises itself as a regular application are all included.

In addition, we will present our latest study on how to detect the above malware samples. Several security suggestions and a future research plan are proposed. We hope this paper can help everyone better understand the QR code threat in China and pay more attention when scanning an unknown code.

Guo Xiaolong is a senior security engineer at Tencent. He joined Tencent in 2011, and has focused on Windows and Android security for eight years. His main responsibility is malicious code analysis through advanced reverse engineering. His recent project is Tencent’s anti-virus engine (TAV).

Bi Lei is a senior security engineer at Tencent. He joined Tencent in 2011. He has almost 10 years of malware analysis experience, focusing on automatic malware clustering and advanced reverse engineering. He is interested in all fields of security.