Phishing protection company SlashNext Inc. today announced the launch of a new service to protect against malicious QR code threats such as quishing, QRLJacking and other scams.

The new SlashNext QR Code Phishing Protection service is claimed to be the first security solution to offer protection against multi-channel quishing, for QR code phishing, that blocks malicious QR codes in email, mobile, web and messaging channels such as Slack, iMessage and Microsoft Teams.

SlashNext argues that its new service differs from other security solutions that aim to address quishing and QRLJacking, or QR code login hijacking, by leveraging computer vision and a new QR Code natural language processing classifier that protects users from more than just credential quishing. The new service can detect malicious intent in both the QR code and the accompanying message to deliver accurate protection against QR code-based attacks.

QR codes first became well-known in the West through contact tracing during the COVID-19 pandemic, although they have been used far longer in the U.S. and even more in countries such as China. Anything that becomes popular naturally attracts scammers and other miscreants, which is most definitely true with QR codes.

A report published by SlashNext in October found that an increasing number of cybercriminals are exploiting the widespread use of QR codes to launch sophisticated phishing attacks. Quishing has become particularly common as cybercriminals target unsuspecting users who, trusting the legitimacy of QR codes, can be redirected to malicious sites aimed at stealing sensitive data or tricked into inadvertently downloading malware onto their devices.

Also highlighted in the report is the more niche threat of QRLJacking, which involves attackers exploiting the “login with QR code” feature adopted by numerous apps and websites. A typical QRLJacking involves tricking a user into scanning a controlled QR code, leading to session hijacking.

“In recent months, quishing and QRLJacking have contributed to the huge growth we have observed in phishing,” said SlashNext Chief Executive Patrick Harr. “Without proper protection, it is nearly impossible for the average user to distinguish a legitimate QR code from a malicious code.”

“It is unreasonable to expect employees and everyday users to avoid QR codes altogether when they are quickly becoming ubiquitous in many legitimate service industries and for login purposes,” Harr added. “However, the cybercriminals know this as well, which is why we will only see an increased reliance on quishing and QRLJacking as attack techniques.”

Image: DALL-E 3