Daily QR scan scams phish mobile device users.

According to the latest quarterly HP Wolf Security Threat Insights Report, cybercriminals are diversifying their attack methods, including a surge in QR code phishing campaigns.

By isolating threats on PCs that evade detection tools, HP Wolf Security gains concrete insight into the latest techniques used by cybercriminals in the rapidly changing cybercrime landscape.

To date, HP Wolf Security customers have clicked over 25 billion email attachments, web pages and downloaded files, with no reported violations.

Starting in February 2022, Microsoft began blocking macros in Office files by default, making it more difficult for attackers to run malicious code. Data collected by the HP Threat Research team shows that from Q2 2022 onwards, attackers are diversifying their techniques to find new ways to compromise devices and steal data.

A study based on data from millions of endpoints running HP Wolf Security found:

The Rise of QR Scan Fraud
Since October 2022, HP has seen QR code “scanning fraud” campaigns almost daily. These scams can trick users into using mobile devices to scan QR codes from their PCs, taking advantage of weak phishing protections and detections on such devices.
QR codes direct users to malicious websites asking for credit or debit card details. An example from Q4 included a phishing campaign masquerading as a parcel carrier asking for payment.

HP noted a 38% increase in malicious PDF attachments
Recent attacks use embedded images that link to malicious encrypted ZIP files to bypass web gateway scanners. The PDF instructions contained a password that the user was tricked into entering to unzip her ZIP file, deploying the QakBot or IcedID malware to gain unauthorized access to the system and the ransomware. used as a stepping stone to deploy

42% of malware was delivered within archive files such as ZIP, RAR and IMG
Archive popularity has increased by 20% since Q1 2022. This is because the attacker switches to a script to execute the payload. This compares to 38% of malware delivered via Office files such as Microsoft Word, Excel, and PowerPoint.

Alex Holland, Senior Malware Analyst on the HP Wolf Security Threat Research Team at HP Inc. said:

“But as the rise in scan fraud, malvertising, archiving and PDF malware shows, when one door closes another door opens.

“Users should be wary of emails and websites that ask them to scan a QR code to give up sensitive data, and PDF files that link to password-protected archives.”

In Q4, HP also found 24 popular software projects mimicked in malvertising campaigns that infected PCs with eight malware families. The attack relies on a user clicking on a search engine ad, leading to a malicious website that looks almost identical to his real website.

Dr. Ian Pratt, Global Head of Personal Systems Security, HP Inc., commented:

“Organizations should implement strong isolation to contain the most common attack vectors such as email, web browsing, and downloads. By alerting or preventing the entry of sensitive information, it significantly reduces the attack surface and improves an organization’s security posture.”

HP Wolf Security performs high-risk tasks such as opening email attachments, downloading files, and clicking links on an isolated micro-virtual machine (micro-VM) to protect users and Captures detailed traces of infected infections. HP’s application isolation technology mitigates threats that can slip past other security tools and provides unique insight into new intrusion techniques and attacker behavior.