The Hidden Danger of PDF Files with Embedded QR Codes, Researchers Warn

SonicWall Capture Labs, the threat research arm of cybersecurity firm SonicWall, has issued a warning regarding a new phishing technique exploiting the widespread use of QR codes. The team has observed a surge in malicious PDF files distributed via email, which contain embedded QR codes designed to deceive unsuspecting victims.

Malicious PDF files with QR code

Upon scanning the QR code, users are redirected to a phishing URL cleverly designed to evade security detections. In a recent observation, SonicWall researchers identified a phishing URL that initially appeared to be hosted by Bing.com. This tactic helps bypass many security filters. However, it soon redirects to an actual phishing page disguised as an official Microsoft login page.

Here, users are prompted to enter their Microsoft account credentials, including their user ID and password. The primary intent behind this deception is to harvest these credentials for malicious purposes, such as unauthorized access to the user’s email, personal information, and potentially sensitive corporate data.

SonicWall’s research indicates that the threat posed by these malicious QR codes extends beyond simple credential theft. Scanning the code can trigger a cascade of harmful actions on the victim’s smartphone, including:

• Unauthorized installation of malicious applications
• Automatic enrollment in costly premium SMS services
• Initiation of calls to high-priced premium-rate numbers

To safeguard against this emerging threat, we recommend the following best practices:

• Exercise extreme caution when encountering QR codes embedded within PDF files, particularly those received via email.
• Always verify the source and legitimacy of the QR code before scanning.
• Implement two-factor authentication on Microsoft accounts to add layer of security.
• Maintain up-to-date anti-virus and anti-malware software on all devices.