Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    North Korean Threat Actor Spreads Malware via QR Codes

    KnowBe4 Team | Jan 7, 2026

    QR Code PhishingThe North Korean threat actor “Kimsuky” is using QR codes to trick users into installing malicious mobile apps, according to security researchers at ENKI. The phishing sites, which impersonate delivery services, inform users that the webpage cannot be viewed on a desktop.

    The sites instruct the user to scan a QR code in order to open the page on their phone. This helps the attack bypass security defenses that might be present on the user’s work computer.

    “We confirmed that the malicious application was distributed from 27.102.137[.]181, leveraging a QR code that impersonated a legitimate package delivery service,” the researchers explain.

    Among the four malicious applications discovered during the investigation, two masqueraded as delivery service apps. A previous report by ESTSecurity documented similar cases where the threat actor transmitted URLs hosting malicious apps via smishing texts that impersonated delivery companies. Consequently, we assess with high confidence that the threat actor employed smishing or phishing emails for initial access, consistent with historical TTPs.”

    When the user scans the QR code, they’ll be taken to a phishing page that uses social engineering to trick them into installing malware or entering sensitive information.

    “While clicking the link does not automatically execute the malicious application, the threat actor designs sophisticated phishing sites to trick victims into running the malware or entering personal information,” ENKI says.

    “To prevent infection, users should avoid clicking links from unknown senders. For links received from known contacts, if the content appears unusual or suspicious, users should verify the message with the sender before clicking.”

    AI-powered security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

    ENKI has the story.

    Topics: Phishing Human Risk Management

    Is Your Organization Vulnerable to Quishing?

    Traditional filters often miss malicious links hidden in QR codes. Launch our Free Quishing Test for up to 100 users to identify security gaps and receive your custom Phish-prone Percentage report within 24 hours.

    Get Your Free Quishing Test

    Secure the Digital Workforce: Human + AI

    KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

    KnowBe4 Team

    ABOUT KNOWBE4 TEAM

    The KnowBe4 Team delivers timely, expert-driven insights on cybersecurity trends, emerging threat intelligence, human risk and agent security best practices, compliance strategies and industry research to help organizations strengthen their digital defense layer and stay informed, resilient, and secure.

    Read more from KnowBe4 »

    Subscribe to Our Blog

    Posts By Topic

    View All