Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    North Korean Threat Actor Spreads Malware via QR Codes

    KnowBe4 Team | Jan 7, 2026

    QR Code PhishingThe North Korean threat actor “Kimsuky” is using QR codes to trick users into installing malicious mobile apps, according to security researchers at ENKI. The phishing sites, which impersonate delivery services, inform users that the webpage cannot be viewed on a desktop.

    The sites instruct the user to scan a QR code in order to open the page on their phone. This helps the attack bypass security defenses that might be present on the user’s work computer.

    “We confirmed that the malicious application was distributed from 27.102.137[.]181, leveraging a QR code that impersonated a legitimate package delivery service,” the researchers explain.

    Among the four malicious applications discovered during the investigation, two masqueraded as delivery service apps. A previous report by ESTSecurity documented similar cases where the threat actor transmitted URLs hosting malicious apps via smishing texts that impersonated delivery companies. Consequently, we assess with high confidence that the threat actor employed smishing or phishing emails for initial access, consistent with historical TTPs.”

    When the user scans the QR code, they’ll be taken to a phishing page that uses social engineering to trick them into installing malware or entering sensitive information.

    “While clicking the link does not automatically execute the malicious application, the threat actor designs sophisticated phishing sites to trick victims into running the malware or entering personal information,” ENKI says.

    “To prevent infection, users should avoid clicking links from unknown senders. For links received from known contacts, if the content appears unusual or suspicious, users should verify the message with the sender before clicking.”

    AI-powered security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

    ENKI has the story.

     

    Return To KnowBe4 Security Blog

    Free QR Code Phishing Security Test

    Did you know dynamic QR code scans increased 433% globally from 2021 to 2022? Try our free QR Code Phishing Security Test to identify users that are most susceptible to these types of attacks so you can train them to think twice before scanning QR codes and build a stronger security culture.

    Monitor-QRT-2Here's how it works:

    • Immediately start your test for up to 100 users (no need to talk to a person)
    • Select from 35 languages and choose one of 3 templates
    • Choose from a “red flags missed” or a “404 error” landing page
    • Get a PDF emailed to you in 24 hours with your Phish-prone Percentage

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/qr-code-phishing-security-test

    Topics: Phishing, Human Risk Management

    KnowBe4 Team

    ABOUT KNOWBE4 TEAM

    The KnowBe4 Team delivers timely, expert-driven insights on cybersecurity trends, emerging threat intelligence, human risk best practices, compliance strategies and industry research to help organizations strengthen their human defense layer and stay informed, resilient, and secure.

    Read more from KnowBe4 »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Gartner Magic Quadrant
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest insights, trends and security news. Subscribe to CyberheistNews.