Android malware writers have found a new and convenient way of delivering malware to users. This method makes use of malicious QR codes.
QR (Quick Response) codes are a type of matrix barcode which contains encoded forms of data. They can also be used to store URL information.
Most people look for new software for their devices with the help of desktop PCs.
So instead of typing a complete URL into the smartphone browser, various websites have QR codes which can be easily scanned with the help of the smartphone camera.
The new trojan has been found on some malicious sites through malicious QR code.
When users scan the QR code with their mobile phones, the code redirects them to a site that will install a trojan on their phones. Once installed, the trojan will send a number of SMS messages to premium-rate numbers.
Icon of the application:
During installation it asks the user for the following permissions:
The malware then sends SMS messages to various premium-rate numbers.
Quick Heal Mobile Security detects the file as TrojanSMS.AndroidOS.Jifake.f.
We request users to avoid scanning QR codes from untrusted websites to be on the safe side.