A new phishing campaign that utilises several QR codes has targeted Chinese-speaking individuals and tried to steal their info and credentials. Based on reports, the researchers noticed that the phishing operators used an email that contained an MS Word document.
The attached document from the hackers masquerades as an essential archive from the Chinese Ministry of Finance.
Once a target accesses the attachment, it will present a series of texts and a large QR code in the body of the message. Subsequently, the code could redirect recipients to a URL that is in an attacker-controlled environment.
Researchers also noted that the website impersonates the DingTalk instance, an enterprise communication platform. The site will then prompt the target to give their credentials, allowing the hackers to harvest them.
QR codes have been an essential tool for contactless transactions that threat actors adopted for their phishing campaigns.
Cybercriminal operations have gathered numerous credentials in their campaigns that exploit QR codes. Researchers explained that actors could use these stolen credentials for their other attacks or be sold to another gang for future operations.
This phishing campaign shows how malicious actors put effort into creating landing pages that look legitimate and could trick even the most knowledgeable targets. Hence, users and organisations should invest more in cybersecurity literacy.
In a related incident, a group of Chinese-speaking scammers targeted Chinese international students in the United Kingdom. The group executed a visa fraud operation to track students into paying lucrative amounts to avoid getting deported back to China.
The scamming attack used a method of calling the targets a couple of times a month using a UK phone number. The scammers also used an automated voicemail if the recipients did not answer.
Threat groups and scammers will continue to employ these attacks and scams as they could quickly propagate them. Furthermore, QR code phishing attacks could be jarring for security researchers to detect and can significantly damage a targeted individual or organisation.
Users and admins should be aware of the risks offered by QR codes and be wary of accessing QR codes from unwanted emails or unknown sources.
