Home/ Questions/Q 7958257
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T04:23:36+00:00

I read several articles about this (e.g., How QR Codes can Deliver Malware ),

  • 0

I read several articles about this (e.g., How QR Codes can Deliver Malware), and it seems to create quite so buzz.

From what I read, all the so-called “malware” are links to malicious web sties or apps. My question is: are there other forms of QR code malware? If not, then what’s new about this type of malware?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    QR codes have a maximum payload of ~4K so there’s no chance of buffer overflows or anything like that to the QR scanner.

    However, they can be used to direct people to malicious content in a couple of interesting ways.

    1. You know that the computer visiting a link is likely to be a mobile device. If you have a browser exploit for, say, iPhone – you can deliver it once the user visits the web page.

    2. Using a very long URL, you could fool the user into thinking they are visiting a “safe” site. If a QR scanner only shows the first, say, 20 characters of a URL, you could craft a QR which goes to 

      https://www.VerySafeSite.com.evilsite.com
    3. While the scanner may not be susceptible to buffer overflows, the addressbook may be. So crafting a vCard with an abnormally long field may provide a vector for attack – although this is highly unlikely.
    4. Sticker attacks are possible. A criminal could find a poster with a legitimate QR code and place a sticker of a QR code over it. That would likely trick people into scanning.

    So, essentially, it’s virtually impossible to have a malicious QR code – only a malicious destination.

    • 0