Can QR Codes Spread Computer Viruses?
By Bob Rankin
Any doubts I may have had about the viability of QR codes have evaporated. You know a new technology is catching on when malware authors start using it to snare unwary users. Read on to learn how those funny black squares can carry a nasty (and expensive) payload…
QR Code Malware
QR codes are squares of black and white patterns that encode the URLs of Web sites in a format that can be scanned and deciphered by smartphones equipped with the right apps. Instead of typing a URL into your phone’s browser, you can just snap a picture of a QR code and be whisked to an ad, an informative Web page… or a malicious site that silently downloads a virus, rootkit, or trojan to your phone.
Kasperky Labs has detected two samples of malware delivered via QR codes, both targeting Android phones. One of them sends SMS messages from the infected phone to a premium-priced number; each text message costs the victim six dollars! Other types of malware can scoop up your contacts list, send spam emails in your name, and wreak other sorts of mischief.
Can a QR code itself contain malware? Theoretically, yes, but it wouldn’t do much. A QR code can contain only a limited amount of data: 7089 numeric characters or 4296 alphanumeric characters. You can’t write much of a program in that space. But a QR code can easily take you to a malicious site.