Random QR codes spotted in public spaces can pose real risks. When scanned, they may trigger hidden downloads of malware to a smartphone and enable other harmful actions. This warning comes from Sergei Bodrov, who leads the Roskachestvo Center for Digital Expertise, speaking to socialbites.ca.
“QR codes are capable of doing more than just linking to information. They can install software, identify your location, or create calendar events that deliver social engineering content, nudging you to click malicious links,” Bodrov noted. “That is why scanning codes out of curiosity in every corner can be dangerous.”
He underscored that the core danger lies in the fact that you cannot assess a QR code’s content without scanning it. To protect systems, analysts should look for indirect indicators and patterns that hint at illicit activity rather than relying on a quick glance.
If a shopper sees a discreet black square next to a product at a checkout, the risk is obvious and straightforward. But a QR code posted on a wall in a busy public area or tucked away in a dim alley is more suspicious. In such cases, it is prudent to avoid scanning and to keep scanning devices away from unknown codes.
Bodrov also advised against downloading third party apps to scan QR codes. These apps can carry malware or unwanted behavior. Most modern smartphones already include a built in scanner, and many device cameras can read both barcodes and QR codes without needing extra software.
The conversation around QR code misuse has grown beyond isolated incidents. In recent online discussions in RuNet, there have been reports of large scale cyber operations that leveraged compromised QR mechanisms, demonstrating how quickly threats can scale when a single code goes unchecked. The takeaway is simple: treat unfamiliar QR codes with caution, especially in public spaces, and rely on trusted, built in scanning features whenever possible to minimize exposure to risk.