PDF documents are being hijacked with malicious QR codes
Threat actors trick victims into accessing malicious sites on a mobile phone
Cybersecurity experts have revealed a phishing tactic that has become increasingly popular: embedding malicious QR codes in .PDF files.
Researchers from Barracuda said that in the three months between June and September 2024, they observed (and later analyzed) more than half a million phishing emails employing this tactic.
By sharing QR codes in .PDF files, threat actors achieve two things. First, they evade detection by email security solutions, which can now scan the contents of images in the email’s body but not in the attached .PDF files. Second, they trick users into accessing malicious content via their mobile devices, which are generally less well defended than their desktop counterparts.
Shift in tactics
The overall theme of these attacks remains the same: the hackers impersonate a major brand and send out an email that demands a swift reaction. That email could be about a pending invoice, a payment notification, a bounced parcel, or something similar. The victims are urged to respond immediately, with further information provided in the attached .PDF file.
Since .PDF files are not as dangerous as .EXE or .LNK files, they rarely raise any suspicion with the victims. Opening the file does nothing, but it also shows nothing except the QR code, which the victim is enticed to scan with their mobile phone.
From there, the threat actors have an easier time steering the victims to malicious landing pages, fake login sites, or places where malware can be downloaded.
Barracuda also says that certain industries, such as finance, healthcare, and education, are being increasingly targeted these days due to the sensitive data they handle. The researchers also said small and medium-sized businesses (SMBs) were particularly vulnerable, given that they lack the advanced security tools needed to defend against such sophisticated attacks.
“The shift in tactics from embedding QR codes in the body of an email to attaching them in PDF documents makes it harder for traditional defenses to identify and block these attacks before they reach employees,” the researchers concluded.
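A triage heuristic for the gap described above, as an added example that is not from Barracuda or the original article: it flags PDF attachments that contain a near-square image and no drawn text, so a mail pipeline can route them to QR decoding and URL inspection. The function names, the 5% squareness tolerance and the sample message are assumptions constructed here; PDFs that use object streams or non-Flate filters need a full PDF parser.

```python
import re
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

OBJ = re.compile(rb"\d+\s+\d+\s+obj(.*?)endobj", re.S)
TEXT_OP = re.compile(rb"[)>]\s*Tj|\]\s*TJ")  # PDF operators that draw text

def pdf_profile(data: bytes) -> dict:
    """Heuristic: an image-only PDF whose image is near-square may carry a QR code."""
    images, has_text = [], False
    for m in OBJ.finditer(data):
        head, _, rest = m.group(1).partition(b"stream")
        if re.search(rb"/Subtype\s*/Image", head):
            dims = [int(x) for x in re.findall(rb"/(?:Width|Height)\s+(\d+)", head)]
            if len(dims) == 2:
                images.append((dims[0], dims[1]))
            continue
        raw = re.sub(rb"^\r?\n", b"", rest)
        if b"FlateDecode" in head:
            try:  # decompressobj tolerates the trailing "endstream" bytes
                raw = zlib.decompressobj().decompress(raw)
            except zlib.error:
                continue
        has_text = has_text or bool(TEXT_OP.search(raw))
    square = any(abs(w - h) <= 0.05 * max(w, h) for w, h in images)
    return {"images": len(images), "has_text": has_text,
            "qr_candidate": bool(images) and not has_text and square}

def triage(raw_email: bytes) -> list:
    """Return filenames of PDF attachments (by magic bytes) worth QR decoding."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    pdfs = [(p.get_filename(), p.get_payload(decode=True) or b"")
            for p in msg.iter_attachments()]
    return [n for n, d in pdfs if d.startswith(b"%PDF-") and pdf_profile(d)["qr_candidate"]]

def sample_email(with_text: bool) -> bytes:
    """Constructed test message carrying a minimal, constructed PDF attachment."""
    content = b"q 200 0 0 200 100 500 cm /Im0 Do Q"
    if with_text:
        content += b" BT /F1 12 Tf (Invoice 1001) Tj ET"
    z = zlib.compress(content)
    pdf = (b"%PDF-1.4\n4 0 obj\n<</Filter/FlateDecode/Length " + str(len(z)).encode()
           + b">>\nstream\n" + z + b"\nendstream\nendobj\n5 0 obj\n<</Type/XObject"
           b"/Subtype/Image/Width 290/Height 290/Length 0>>\nstream\n\nendstream\nendobj\n%%EOF\n")
    msg = EmailMessage()
    msg.set_content("Details are in the attached document.")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()
```

A hit is a candidate for deeper inspection, not a verdict: scanned documents are also image-only, so the decoded QR target still has to be checked.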
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.