Phishing on the Edge of the Web and Mobile Using QR Codes

Unit 42 (Palo Alto Networks), 13/02/2026, 23:00

Summary

AI-Generated

Key Points:

  • Attackers are increasingly using QR codes for phishing (quishing) and scams, leveraging URL shorteners and in-app deep links to bypass security controls.
  • The impact includes compromised accounts, financial fraud, and the distribution of malicious applications, particularly targeting mobile devices and messaging apps like Telegram and Signal.
  • Recommended actions include implementing advanced URL filtering, educating users about the risks associated with scanning QR codes, and employing mobile sandbox environments for detection.

Technical Details: The article highlights various attack vectors involving QR codes, including the use of URL shorteners to mask malicious destinations and in-app deep links that can trigger harmful actions within mobile applications. Specific examples include QR codes leading to phishing sites impersonating legitimate services.
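
As an added example, not taken from the Unit 42 article or this summary, the following Python triages decoded QR payloads by the two vectors named above: URL shortener hosts and non-web schemes that open an app instead of a browser. The `SHORTENER_HOSTS` set, the function names and the sample payloads are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

SHORTENER_HOSTS = {"qrco.de", "bit.ly", "tinyurl.com"}  # assumed sample set, not exhaustive
WEB_SCHEMES = {"http", "https"}

def refang(payload: str) -> str:
    """Undo common defanging (hxxp, [.]) so the payload parses as a URL."""
    text = payload.strip().replace("[.]", ".")
    if text[:4].lower() == "hxxp":
        text = "http" + text[4:]
    return text

def triage(payload: str) -> dict:
    """Classify a decoded QR payload and list the reasons it needs closer review."""
    parts = urlsplit(refang(payload))
    scheme = parts.scheme.lower()
    result = {"kind": "text", "scheme": scheme, "host": None, "flags": []}
    if not scheme:
        return result  # plain text, nothing for the OS to open
    if scheme not in WEB_SCHEMES:
        # Non-web schemes go to whichever app registered them, not to the browser.
        result["kind"] = "deep-link"
        result["flags"].append("opens in an app, outside web URL filtering")
        return result
    host = (parts.hostname or "").lower()
    result["kind"], result["host"] = "web", host
    if host in SHORTENER_HOSTS:
        result["flags"].append("shortener: resolve redirects before verdict")
    if scheme == "http":
        result["flags"].append("plaintext http")
    if parts.username or parts.password:
        result["flags"].append("userinfo in URL")
    try:
        ipaddress.ip_address(host)
        result["flags"].append("IP literal host")
    except ValueError:
        pass  # ordinary hostname
    return result

# Constructed sample payloads, as a QR decoder might return them.
SAMPLES = ["hxxps://qrco[.]de/EXAMPLE", "tg://login?token=CONSTRUCTED",
           "http://user@192.0.2.10/x", "scan to join the meeting"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage(sample))
```

A payload flagged as a shortener still needs its redirect chain resolved in an isolated environment before any verdict; the flag only routes it there.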

MITRE ATT&CK Techniques:

  • T1566 - Phishing (Initial Access)
  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
  • T1003.001 - OS Credential Dumping: LSASS Memory (Credential Access)

IOCs Mentioned:

  • hxxps://www.dropbox.com/scl/fi/7e8xqrcxgzftrk61omgn0/Presentation.pptx?rlkey=xgk24xllhh4qqv1li2ifd3e3s&st=xvtu5b7y&dl=0
  • hxxps://qrco.de/bgP6vx
  • hxxps://cdnimg.jeayacrai.in.net/qY42h5ei3SBo9ZmvO!/
  • hxxp://kccomputech.in/babukh1513273
  • bitcoin:12wXzmwak8LJ88e1ejupY3brfQi43xdDhb
  • tg://login?token=AQJgx85oZgPcBRoIg76p-8BBy4nB4Wpel-PvZ8Og7t_--A
