Similar to phishing campaigns where users are tricked into entering their login credentials on faulty sites, this scam employs multiple social engineering techniques to get users to scan QR codes, which in turn will give the scammers access to banking login credentials. Aside from stealing banking login credentials, other QR codes are being used to deploy malware onto the devices of victims. Public and unguarded QR codes can even be replaced with those of the attackers to steal payments made by users. An example of this was seen in China when attackers were able to swap the codes of a bike-sharing application in order to obtain payments from the bike renters. Many scammers have been arrested for these tactics with two perpetrators stealing 90 million yuan ($13 million USD) and another with a takeaway of 900,000 yuan ($129,748 USD).
Analyst Notes
Pay attention to details of the QR code before payments are confirmed. If users suspect a fraudulent transaction, it should be reported to their bank immediately. Login credentials should also be changed.
