Your Phone Can Be Infected By a Barcode

It's amazing how many ways malware can enter your computer or phone. The people who create and distribute these dreadful little programs are like ants; you block one entryway into your kitchen and they figure out another one.

And here's another little trick of the human insects: According to an article in The H, they can infect your Android phone via a barcode.

More specifically, they do it through a Quick Response (QR) code—a square, two-dimensional barcode originally created by Toyota to track its manufacturing process. Amongst their other uses, QR codes can contain URLs. For instance, a poster or a print article can contain a QR code. Photograph the code with the right phone app (Google Goggles, for instance), and it will open your phone's browser to the desired page.

These QR codes also appear on websites listing Android software. That way, you can research apps in the comfort of your computer's full-sized keyboard and big screen. Then, when you find a program you want, you scan the QR code on your phone and go to the appropriate download page.

You can already see what's coming, can't you?

Untrustworthy websites have recently turned up touting Android apps and, of course, displaying QR codes. Scan in one of those codes, and your phone will download a file called jimm.apk; inside that you'll find (or more likely, not find, although it will be there) a Trojan called ANDROIDOS_JIFAKE.E. Like the malicious programs I discussed in "Opera Malware Hits the Wrong Note," this tool will text a premium phone number at your expense.

What can you do about it? Be careful what codes you scan, of course. Even better, make sure you have Trend Micro Mobile Security installed on your phone. Recently named by PC World one of the 100 Best Products of 2011, Mobile Security will keep malicious software off of your Android device and protect it in other ways, as well. You can download the free version from the Android Market, upgrade to the full version, or acquire it as part of Trend Micro Titanium Maximum Security, which will also protect your Windows computer.

Shop ▾
arrow up Amazon Shop buttons are programmatically attached to all reviews, regardless of products' final review scores. Our parent company, IDG, receives advertisement revenue for shopping activity generated by the links. Because the buttons are attached programmatically, they should not be interpreted as editorial endorsements.

Subscribe to the Security Watch Newsletter