{"id":129567,"date":"2025-10-09T20:27:41","date_gmt":"2025-10-09T20:27:41","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=129567"},"modified":"2025-10-09T20:27:45","modified_gmt":"2025-10-09T20:27:45","slug":"quishing-attack-with-weaponized-qr-code","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/quishing-attack-with-weaponized-qr-code\/","title":{"rendered":"New Quishing Attack With Weaponized QR Code Targeting Microsoft Users"},"content":{"rendered":"\n

Microsoft users are facing a novel quishing campaign that leverages weaponized QR codes embedded in malicious emails.<\/p>\n\n\n\n

Emerging in early October 2025, this attack exploits trust in QR-based authentication and device pairing workflows, tricking targets into scanning codes that deliver infostealer binaries.<\/p>\n\n\n\n

Initial reports surfaced when Gen Threat Labs analysts noted anomalous QR attachments spoofing<\/a> Microsoft branding within corporate Office 365 notifications.<\/p>\n\n\n\n

Recipients who scanned the codes were redirected to a compromised Azure CDN node hosting a staged payload delivery sequence.<\/p>\n\n\n\n

Following its emergence, researchers identified multiple infection vectors. One involves a phishing email purporting to be a Microsoft Teams alert, instructing users to scan a QR code to resolve an urgent security issue.<\/p>\n\n\n\n

Another impersonates a Microsoft Authenticator<\/a> enrollment prompt, promising \u201cenhanced login protection\u201d upon scanning. Because many organizations encourage QR-based multi-factor setup, these lures appear legitimate at first glance.<\/p>\n\n\n\n

Gen Threat Labs researchers noted that victims saw familiar Microsoft logos and correctly formatted links, increasing the campaign\u2019s reach and success rate.<\/p>\n\n\n\n

The impact spans credential theft<\/a> and system compromise. Once the QR code is scanned, victims receive a short URL that resolves to a malicious redirector script.<\/p>\n\n\n\n

\n

We have detected ongoing #Quishing<\/a> campaign targeting #Microsoft<\/a> brand. The attacker uses AV evasion in malicious QR code to avoid detection:
– QR code splitted into 2 images
– Non standard colors
– QR code drawn using the content-stream

Stay sharp & safe! #Cybersecurity<\/a>\u2026 pic.twitter.com\/YwBdpnNzP3<\/a><\/p>— Gen Threat Labs (@GenThreatLabs) October 7, 2025<\/a><\/blockquote>