"New Generation of Malicious QR Codes Uncovered by Researchers"

Security researchers at Barracuda have discovered a new generation of QR code phishing (quishing) attacks.  The researchers found that there are new techniques that have been designed to evade traditional security defenses by including QR codes built from text-based ASCII/Unicode characters rather than the standard static image.  The researchers noted that this tactic is designed to evade optical character recognition (OCR)-based defenses.  In an email, it will look like a traditional QR code.  To a typical OCR detection system, it appears meaningless.  Another new technique sees the use of binary large object universal resource identifiers (URIs) to create hard-to-detect phishing pages. The researchers noted that Blob URIs allow web developers to work with binary data like images, videos, or files directly within the browser without having to send or retrieve it from an external server.  Because Blob URIs don’t load data from external URLs, traditional URL filtering and scanning tools may not initially recognize the content as malicious.

Infosecurity Magazine reports: "New Generation of Malicious QR Codes Uncovered by Researchers"