January 13, 2026 | South Korea’s internet security agency has issued a fresh warning over a new wave of QR code–based phishing attacks linked to North Korean hacker groups. The agency said attackers are increasingly using a technique known as “Q-shing,” in which malicious links and malware are concealed within QR codes, allowing them to bypass conventional email and message security filters.
According to the agency, recent cases show hackers impersonating government officials, think-tank researchers and academic experts to lure targets. Victims were reportedly contacted under the pretext of seeking opinions or participation in geopolitical surveys, and were asked to scan QR codes provided in emails or text messages.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
Personal smartphones primary target
The agency said personal smartphones have emerged as the primary targets, as such devices are often outside corporate or institutional security systems. Once a QR code is scanned, users are either redirected to malware installation pages, where applications request excessive permissions, or to fake login pages designed to resemble legitimate social media platforms.
If malware is installed, attackers can gain access to sensitive device information, including phone models, IMEI numbers, text messages, photographs and other personal data. The agency warned that such access poses a serious threat to user privacy and financial security, particularly when compromised devices are linked to mobile payment services.
Private cybersecurity firms corroborate findings
Private cybersecurity companies have also reported similar activity. In one case highlighted last month, a security firm said it detected a campaign attributed to North Korea-linked hackers, in which malicious QR codes were disguised as parcel delivery tracking links. Users who scanned the codes were redirected to harmful websites designed to steal credentials or deploy spyware.
These findings suggest that Q-shing attacks are being rapidly adapted to everyday scenarios, exploiting users’ familiarity with QR codes in logistics, payments and digital services.
Claims of significant financial losses
South Korea’s intelligence authorities have previously warned that North Korean hacking groups caused extensive damage last year by stealing industrial technology and funds, with losses estimated at around 2.2 trillion won. Officials have noted that emerging cyber techniques such as Q-shing are being used more frequently as attackers seek to evade detection and traditional cybersecurity defenses.
The growing sophistication of these methods has raised concerns about the ability of existing safeguards to keep pace with evolving cyber threats.
International alerts also issued
Warnings have not been limited to South Korea. Authorities overseas have also flagged similar risks. A major U.S. investigative agency recently issued an advisory stating that North Korea-linked cyber actors are expanding QR-based phishing campaigns, targeting government agencies, think tanks, academics and corporate officials.
In one cited incident, a think-tank leader received an email from an individual posing as a foreign adviser, seeking views on issues related to the Korean Peninsula. The email included a QR code claiming to link to a survey, which was later identified as part of a phishing operation.
Public urged to remain cautious
South Korea’s internet security agency has urged the public not to scan QR codes included in unsolicited emails or messages, even if they appear to come from credible sources. Users have been advised to verify suspicious QR codes through a dedicated verification service provided via an official messaging platform.
The agency also recommended that individuals who suspect their devices may have been compromised should run mobile antivirus scans, reissue digital certificates and review mobile payment activity to prevent further damage.
Rising pressure on cyber defenses
Experts say the incidents highlight how the widespread use of QR codes has opened new avenues for cybercrime. As digital interactions increasingly rely on quick-scan technologies, attackers are expected to continue exploiting user trust and convenience.
The latest alerts underscore that the nature of cyber threats is constantly evolving, and that digital vigilance by ordinary users is becoming as critical as institutional cybersecurity measures in defending against sophisticated attacks.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
