Malicious QR codes (blog.talosintelligence.com)

submitted 4 days ago* (last edited 4 days ago) by Joker@sh.itjust.works to c/cybersecurity@sh.itjust.works

4 comments fedilink hide all child comments

QR codes are disproportionately effective at bypassing most anti-spam filters, as most filters are not designed to recognize that a QR code is present in an image and decode the QR code. According to Talos’ data, roughly 60% of all email containing a QR code is spam.

Talos discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumption. Users could obscure the data modules, the black and white squares within the QR code that represent the encoded data. Alternatively, users could remove one or more of the position detection patterns — large square boxes located in corners of the QR code used to initially identify the code's orientation and position.

Further complicating detection, both by users and anti-spam filters, Talos found QR code images which are “QR code art”. These images blend the data points of a QR code seamlessly into an artistic image, so the result does not appear to be a QR code at all.

you are viewing a single comment's thread
view the rest of the comments

[-] kn33@lemmy.world 3 points 3 days ago

roughly 60% of all email ~~containing a QR code~~ is spam.

FTFY

Also, good spam filters will "detonate" the email and detect QR code spam. They'll follow the link in the code and check it out.

this post was submitted on 20 Nov 2024

22 points (100.0% liked)

Cybersecurity

5734 readers

175 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social