- 955
- 254
Phishing emails with QR codes have long been a common problem, but Kaspersky Lab researchers warn that attackers have found a new way to bypass email service protection. Now, instead of using regular images, attackers are creating QR codes from Unicode text characters, effectively turning them into ASCII art.
According to the researchers, this approach helps attackers bypass security mechanisms that analyze embedded images or attempt to automatically recognize QR codes in images.
ASCII art has been around since the 1960s, when computers simply couldn't display images, and images were assembled from characters. Spammers later adopted this technique: in the 2000s, they began disguising links and malicious content as text images to bypass anti-spam filters and image analysis systems. Now, the same mechanics are being used for QR codes.
The researchers note that at least one similar phishing scheme is already actively used in attacks. A potential victim receives a corporate email supposedly from a business partner. The email contains a message about a "confidential document" that needs to be signed via DocuSign. To access the file, the user is prompted to scan a QR code. This code leads to a fake login page where the attacker attempts to steal the victim's corporate credentials.
While the QR code visually resembles a regular image, it is actually composed entirely of text characters. Because of this, some security solutions simply don't recognize it as a QR code, and the email bypasses filters and reaches the target inbox.
[td]"When a QR code is used to redirect users to a resource that asks them to enter corporate credentials, it's important to remain vigilant. If the QR code is generated using ASCII text, it's almost certainly a phishing attack or a lure designed to trick them into clicking a malicious link," warns Roman Dedenok, a cybersecurity expert at Kaspersky Lab.[/td]Experts believe that as email filters and security tools become more adept at recognizing QR phishing, attackers will seek new methods of disguise. And ASCII art could very well become one such tool.
According to the researchers, this approach helps attackers bypass security mechanisms that analyze embedded images or attempt to automatically recognize QR codes in images.
ASCII art has been around since the 1960s, when computers simply couldn't display images, and images were assembled from characters. Spammers later adopted this technique: in the 2000s, they began disguising links and malicious content as text images to bypass anti-spam filters and image analysis systems. Now, the same mechanics are being used for QR codes.
The researchers note that at least one similar phishing scheme is already actively used in attacks. A potential victim receives a corporate email supposedly from a business partner. The email contains a message about a "confidential document" that needs to be signed via DocuSign. To access the file, the user is prompted to scan a QR code. This code leads to a fake login page where the attacker attempts to steal the victim's corporate credentials.
While the QR code visually resembles a regular image, it is actually composed entirely of text characters. Because of this, some security solutions simply don't recognize it as a QR code, and the email bypasses filters and reaches the target inbox.