QR code phishing has reportedly been on the rise. And that isn’t surprising given that almost everyone today can’t live without their mobile phones. In fact, a study cited that 86% of the entire global population use their smartphones to browse the Internet, settle bills online, and even pay for purchases in brick-and-mortar establishments.1
Trustwave published 18 URLs as indicators of compromise (IoCs) related to the QR phishing code campaign they recently investigated.2 The WhoisXML API research team extracted the URLs’ domains for an IoC list expansion analysis to uncover other unreported potentially connected artifacts and found:
- 10,000 domains with the same registrant name as one of the IoCs in their WHOIS records, 10 of which turned out to be malicious based on a bulk malware check
- 10 unique IP addresses to which the domains from the extracted 18 URLs identified as IoCs resolved
- 114 domains that shared the seemingly dedicated IP addresses that played host to the extracted domains, 26 of which turned out to be malicious based on a bulk malware check
- 10,045 domains that contained text strings found among some of the extracted domains, four of which turned out to be malicious based on a bulk malware check
- 30 domains with the exact string qr.codes akin to one of the domains extracted from the URLs identified as IoCs
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
—
- [1] https://www.zippia.com/advice/smartphone-usage-statistics/
- [2] https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/think-before-you-scan-the-rise-of-qr-codes-in-phishing/