Evil QR

Evil QR is a toolkit demonstrating how attackers can take over accounts by convincing users to scan supplied QR codes through phishing.

Introduction

Evil QR: Phishing with QR Codes

Evil QR is a proof-of-concept toolkit designed to demonstrate QRLJacking, a phishing technique that exploits QR code-based login systems. It shows how attackers could gain control of user accounts by tricking the account owners into scanning malicious QR codes.

Key Features:

  • QR Code Extraction: The Evil QR browser extension can extract QR codes from various web elements (CANVAS, IMG, SVG, DIV) on login pages.
  • Dynamic Phishing Pages: The Evil QR server hosts phishing pages that dynamically display attacker-controlled QR codes.
  • Customizable Pre-text: Phishing pages can be customized with personalized text to enhance social engineering.
  • HTTP Long Polling: Uses HTTP Long Polling for near real-time updates of QR codes on the phishing page.
  • Account Takeover Detection: The extension can detect successful logins on the victim's account.

Use Cases:

  • Demonstration of QRLJacking: Illustrates the potential risks associated with QR code-based login systems.
  • Red Team Exercises: Can be used in red team operations to simulate phishing attacks and assess security awareness.
  • Security Research: Provides a platform for researching and developing countermeasures against QRLJacking attacks.

Target Users:

  • Security researchers
  • Red team operators
  • Penetration testers
  • Security enthusiasts
