The Hidden Danger of PDF Files with Embedded QR Codes

July 5, 2024, 4:21 p.m.

Description

The report describes how malware authors are abusing PDF files with embedded QR codes to deceive users into visiting malicious phishing URLs disguised as legitimate services. The QR codes redirect users to fake Microsoft login pages designed to harvest credentials and potentially gain unauthorized access to sensitive data. The report details the techniques used, potential consequences, and provides indicators of compromise (IOCs) and SonicWall protection signatures.

External References

https://blog.sonicwall.com/en-us/2024/07/the-hidden-danger-of-pdf-files-with-embedded-qr-codes/
https://otx.alienvault.com/pulse/6688132da74a7dbcd8876bf9
Tags
phishing
credential theft
2024-07-05
pdf files
qr codes
malicious urls

Date

  • Created: July 5, 2024, 3:37 p.m.
  • Published: July 5, 2024, 3:37 p.m.
  • Modified: July 5, 2024, 4:21 p.m.

Indicators

  • 68d72745079d00909989c92141255ba530490cd361a26ee1f4083acf35168c45
Download all indicators here!

Attack Patterns

Additional Informations

  • Technology
  • Finance
  • Government