Be Careful: There Are Various Malicious QR Codes in .PDF Files

Cybersecurity experts have uncovered a widespread phishing approach, which involves embedding harmful QR codes in .PDF files.

Barracuda researchers said that between June and September 2024, they noticed (and later analyzed) more than half a million phishing emails using this tactic.

Threat actors are doing several things by sharing QR codes in .PDF files.

First, they avoid being detected by email security solutions, which can now scan the contents of images in the email's body but not in the .PDF files. Besides, they are tricking users into viewing harmful content via their smartphones, which are less secure than their desktop counterparts.

Malicious QR codes are being used to hijack PDF documents

The basic idea of these attacks has remained consistent: hackers would pretend to be a large brand and send an email requiring a quick response. That email might contain a payment notification, a pending invoice, information on a returned delivery, or something similar. 

The victims were advised to reply promptly, and more information may be found in the attached .PDF file.

Because these kinds of files are not as harmful as .EXE or .LNK files, they rarely arouse suspicion among victims. 

Opening the file accomplishes nothing, but it also displays nothing but the QR code, which is used to encourage the victim to scan with their phone.

Read more: Thunes: QR Code Payment Solutions for Tourists in China