Check Point Software Technologies is warning mobile users of the security risks of QR codes as their usage has exploded during the Covid-19 pandemic.

Concerns over Covid-19 transmission has seen restaurants adopting QR codes so that customers can browse menus on their phone or make contactless payments, and QR codes recording check-ins at venues via contact tracing apps.

Hackers are looking to take advantage of QR codes’ new popularity, by replacing legitimate QR codes with one that launches a malicious URL or tries to download customized malware when scanned.

Earlier in 2020, Belgian federal police issued a warning about an online fraud involving QR codes. When scanned, the malicious code tries to access the login credentials used for other apps on the user’s phone – such as banking and retail apps – to try to steal login data or set up unauthorized transactions.

ING Bank in the Netherlands has also warned of fraudulent QR codes, which attempt to link a second person to customers’ ING accounts via the ING bank’s phone app.

A recent survey by MobileIron showed that from March to September 2020, 38% of respondents scanned a QR code at a restaurant, bar or café, and 37% scanned a code at a retailer. More than half (51%) of respondents stated they do not have, or did not know if they had security software installed on their phones. In many cases, these phones hold both personal and business apps and data, putting organizations at increased cyber-risk.

Check Point’s 2020 Cyber Security Report showed that 27% of organizations worldwide were impacted by cyber-attacks involving mobiles, and 34% hit by mobile malware.