Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

PDF documents are being hijacked with malicious QR codes

QR Code.

Cybersecurity experts have revealed a specific phishing tactic which has become increasingly popular - including malicious QR codes in .PDF files.

Researchers from Barracuda said that in the three months between June and September 2024, they observed (and later analyzed) more than half a million of phishing emails employing this tactic.

By sharing QR codes in .PDF files, threat actors are doing a number of things: first - they are evading detection from email security solutions, who can now scan the contents of images in the email’s body, but not in the .PDF files attached; and second - they are tricking users into accessing malicious content via their mobile devices, which are generally less defended compared to their desktop counterparts.

Shift in tactics

The overall theme of these attacks remains the same - the hackers would impersonate a major brand, and send out an email that warranted a swift reaction. That email could be a pending invoice, a payment notification, information about a bounced parcel, or something similar. The victims were urged to respond immediately, with further information being provided in the .PDF file attached.

Since .PDF files are not as dangerous as .EXE or .LNK files, they rarely raise any suspicion with the victims. Opening the file up does nothing, but it also shows nothing except the QR code, which the victim is enticed to scan with their mobile phone.

From there, the threat actors have an easier time navigating the victims to malicious landing pages, fake login sites, or places where malware can be downloaded.

Barracuda also says that certain industries such as finance, healthcare, or education, are being increasingly targeted these days, due to the sensitive data they handle. The researchers also said small-and-medium businesses (SMBs) were particularly vulnerable given the lack of advanced security tools needed to defend against such sophisticated attacks.

“The shift in tactics from embedding QR codes in the body of an email to attaching them in PDF documents makes it harder for traditional defenses to identify and block these attacks before they reach employees,” the researchers concluded.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.