Russian VXers have begun using obnoxious barcode-on-steroids QR codes as a launchpad for mobile malware. A recently identified malicious Quick Response code on a Russian website links through a series of redirections to a site punting a Trojan version of the Jimm mobile ICQ client.
Android users who follow the links and install the application will be infected with a nasty that sends text messages to premium-rate SMS numbers, net security firm Kaspersky warns.

Tricking users into scanning QR codes, which can encode URLs into barcode-like squares, to lure them into installing malicious applications on smartphones is a new threat, dubbed "Attaging" (Attack Tagging). Technically speaking whether a user follows a link in a browser or follows a QR code to reach the same location is no different, apart from the fact users might be more trusting about a non-human-readable QR code than a conventional URL.

The link for this article located at The Register UK is no longer available.