
Malicious QR Codes Pushing Android Malware

Kaspersky Lab Expert
Posted September 30, 14:43  GMT
Tags: Mobile Malware, Google Android, QR code

According to Wikipedia, a QR code is a type of matrix barcode (or two-dimensional code) first designed for the automotive industry. QR codes are becoming more and more popular and are used in banners, magazines, transport and badges to provide quick and easy access to particular information. A QR code has a fairly large capacity compared to a simple barcode: it can store 7089 numeric characters or 4296 alphanumeric characters, which is more than enough for text or a URL.

But what about malicious QR codes? Yes: you scan a QR code with your smartphone and it redirects you to a URL hosting a malicious file (APK or JAR). Such QR codes exist and are gaining in popularity.

Today, people who use smartphones often look for new software for their devices on desktop PCs. If a user finds something interesting, he or she must retype the application URL into the smartphone browser to download it. That is not very convenient, which is why such websites have QR codes that can be easily scanned.

It is known that a lot of mobile malware (especially SMS Trojans) is spread via sinister websites where all the software is malicious. Cybercriminals have now started to use malicious QR codes for users’ ‘convenience’. Here is an example of such a website:

Part of the website with malicious QR code

Interestingly, the blurred URL works, but there is no ‘jimm.apk’ file associated with this link. If a user scans the QR code, however, he will be redirected to another URL that does have a ‘jimm.apk’ file. We detect this file as Trojan-SMS.AndroidOS.Jifake.f.

The malware itself is a Trojanized Jimm application (mobile ICQ client) which sends several SMS messages to premium rate number 2476 (6 USD each). After installation, an icon named ‘JimmRussia’ will appear in the phone menu.


At the same time, other websites also contain malicious QR codes that link to various J2ME SMS Trojans:

Another website with malicious QR code

The use of QR codes to spread malware was predictable, and as long as this technology is popular, cybercriminals will use it. These two examples illustrate the very beginning of such usage, and in the near future we will likely see more mobile malware spread via QR codes.
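
As an added example (not code from the original post or from Kaspersky Lab), a scanner app or web gateway could triage a decoded QR payload before opening it, flagging links that resolve to an installable package (APK or JAR, as in the cases above) and links that differ from the URL shown on the page. The function names, finding labels, the `.jad` extension and the example.* URLs are assumptions made for this example.

```python
import posixpath
from urllib.parse import urlsplit, parse_qsl

# Package types named in the article (APK, JAR); .jad is an assumption added
# here because J2ME installs often start from a descriptor file.
INSTALLABLE = (".apk", ".jar", ".jad")


def _host(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def _package_name(url):
    """Return the installable file a URL points at, from its path or query."""
    parts = urlsplit(url)
    candidates = [posixpath.basename(parts.path)]
    candidates += [value for _, value in parse_qsl(parts.query)]
    for name in candidates:
        if name.lower().endswith(INSTALLABLE):
            return posixpath.basename(name)
    return None


def triage_qr_payload(decoded, displayed_url=None, redirects=()):
    """Flag a decoded QR payload before the phone's browser opens it.

    decoded       -- text the scanner read from the code
    displayed_url -- link printed next to the code on the page, if any
    redirects     -- Location URLs seen when resolving `decoded` (supplied by
                     the caller; this function does no network I/O)
    """
    decoded = decoded.strip()
    if urlsplit(decoded).scheme.lower() not in ("http", "https"):
        return []  # plain text or another scheme: out of scope here
    findings = []
    hops = [decoded, *redirects]
    package = _package_name(hops[-1])
    if package:
        findings.append("installable-download:" + package)
    if displayed_url and displayed_url.strip() != decoded:
        findings.append("differs-from-displayed-link")
    if len({_host(h) for h in hops}) > 1:
        findings.append("cross-host-redirect")
    return findings


# Constructed sample modelled on the case above; example.* hosts are placeholders.
SHOWN = "http://downloads.example.com/jimm"
IN_QR = "http://go.example.net/r?id=17"
HOPS = ["http://files.example.org/android/jimm.apk"]
```

A caller would prompt the user, or block the navigation, whenever the returned list is non-empty.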




2011 Oct 01, 00:29

This was published before in the following links



and here

And here
Scientific American page



Costin Raiu

2011 Oct 01, 01:28

Different stories

Kaotic - thanks for your comment; the stories are unrelated though.

The earlier mention points to more theoretical research on the subject. This one here is a real-world case of cybercriminals using QR Codes to distribute malware from a Partnerka network.



2011 Oct 07, 18:38

Kaspersky Internet Security

Can an antivirus like KIS (Kaspersky Internet Security) detect mobile malware and clean it?



2012 Apr 09, 00:14


Perfect post. Learn how to incorporate QR codes in your web apps to deliver quick information directly to your users' mobile device http://blog.caspio.com/web_apps/4-ways-to-use-qr-codes-in-your-web-apps/
