Rogue QR Codes Steal Microsoft Credentials and Crypto Funds


Abnormal discovered and blocked nearly 200 emails sent to its customers between September 15, 2021, and October 13, 2021, all part of a phishing campaign aimed at harvesting Microsoft credentials. That in itself is not unusual: Microsoft 365 logins are among the most sought-after sets of credentials.


What makes these messages distinct is that they carried QR codes that purportedly gave access to a missed voicemail, thereby evading the URL scanning that secure email gateways and native mail security apply to attachments and links. Because every QR code image was generated on the same day it was sent, it is unlikely that any had previously been reported or would appear on a security blocklist. Six distinct sender identities were used to deliver the campaign's messages, most tailored to appear related to the target's industry.


The attackers used compromised email accounts to carry out the campaign, relying on the target organization's own legitimate Outlook infrastructure to deliver the QR codes. The phishing pages that the QR codes led to were hosted on an enterprise survey service and resolved to Google and Amazon IP addresses.


Between September 15 and October 13, Abnormal reported blocking over 200 emails as part of a phishing effort.

  • Hackers attempted to entice unwary users by sending messages with QR codes that provided access to a missed voicemail.
  • When victims attempt to play the voice message, they are led to a bogus Microsoft landing page that encourages them to provide their credentials.


An earlier version of this message, sent in September, hid a URL link beneath an image of what appeared to be an audio file. While this commonplace technique was used fairly creatively, another security service eventually spotted it and classified it as a threat, a setback for the criminal actors.


The criminals used compromised Outlook accounts to lend credibility to the phishing emails and to pass email security checks. They hosted the phishing sites on enterprise survey services resolving to Amazon and Google IP addresses. The QR code images were reportedly generated on the same day the emails were sent, most likely to stay ahead of reporting and blocklisting by security systems.

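The evasion described above works because a gateway that only scans URLs finds nothing to scan when the link lives inside a QR image. The following added example (not code from Abnormal or IEMLabs) shows a triage rule for that gap: it parses a constructed sample message in the campaign's shape (voicemail lure, image attachment, no clickable URL) and routes such messages to a QR decoder for URL scanning. The helper names, the sample message, and the `example.com` addresses are assumptions for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Phrases matching the missed-voicemail pretext used by the campaign.
LURE_TERMS = ("voicemail", "voice message", "missed call")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def build_sample_email(with_url: bool = False) -> bytes:
    """Constructed sample modelled on the campaign: a voicemail lure whose
    call-to-action is carried only by an image attachment (a stand-in for the
    QR code). with_url=True adds a clickable link, as in the earlier variant
    that URL scanners did catch."""
    msg = EmailMessage()
    msg["From"] = "helpdesk@example.com"   # looks like an internal (compromised) sender
    msg["To"] = "user@example.com"
    msg["Subject"] = "You have a new voicemail (0:42)"
    text = "A missed voice message is waiting. Scan the code below to listen."
    if with_url:
        text += "\nListen here: https://example.com/voicemail"
    msg.set_content(text)
    # A few PNG header bytes stand in for the real QR image.
    msg.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
                       maintype="image", subtype="png", filename="voicemail.png")
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Classify one message. Rule: lure wording + image attachment + zero URLs
    in the text means the link is probably inside the image, so hand the images
    to a QR decoder and scan what they contain before delivery."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    lure = any(term in text.lower() for term in LURE_TERMS)
    urls = URL_RE.findall(text)
    images = [part.get_filename() or "inline-image"
              for part in msg.iter_attachments()
              if part.get_content_maintype() == "image"]
    suspect = lure and bool(images) and not urls
    return {"lure": lure, "urls": urls, "images": images, "suspect": suspect,
            "action": "decode_qr_and_scan" if suspect else "standard_url_scan"}


if __name__ == "__main__":
    print(triage(build_sample_email()))
    print(triage(build_sample_email(with_url=True)))
```

The decoded QR payload should then go through the same URL reputation and same-day-registration checks the gateway already applies to plain links.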

Many people make cryptocurrency transactions using QR codes tied to their crypto accounts. Here are some methods hackers have used in the past to steal bitcoin from victims.


In August, scammers were found extracting money from consumers by luring them to a Bitcoin ATM at a petrol station that had been loaded with a rogue QR code. The Better Business Bureau received reports of several similar incidents, involving utility services and job offers, among others.

By IEMA IEMLabs
