Cyble’s CRIL identified a sophisticated quishing campaign, Scanception, which uses QR codes in PDFs to deliver malware and steal credentials, bypassing traditional security tools. This campaign impacts global organizations across various sectors by targeting mobile endpoints and exploiting trusted platforms for redirection. #Scanception #QRCodePhishing
Keypoints
- The Scanception campaign embeds QR codes in PDF files to evade security controls and target mobile devices.
- It has created over 600 unique phishing PDFs over three months, with most undetected on VirusTotal.
- The attack employs AI-in-the-middle phishing pages mimicking Office 365 login portals to harvest credentials.
- Cybercriminals abuse trusted platforms like YouTube, Google, and Cisco to host or relay malicious content.
- The campaign rapidly evolves, employing multi-stage phishing, advanced evasion, and dynamic URL generation techniques.
Read More: https://thecyberexpress.com/scanception-qr-code-quishing-campaign/