2 min

Users of mobile devices are increasingly at risk of phishing when they scan fraudulent QR codes. There are also more and more compromised PDF, ZIP and IMG files in circulation and the number of malvertising campaigns is increasing.

This is according to HP Wolf Security in a recent study. The study shows that the number of attacks on mobile devices has increased significantly. Customers of the HP Wolf Security security portfolio clicked more than 25 billion times on misleading emails, Web pages and downloaded files in the fourth and last quarter of 2022. This was without receiving notification of a security breach.

Cybercriminals are increasingly using alternative methods to attack mobile devices, according to the report. Especially since Microsoft implemented the default disabling of macros in Office documents. As a result, cybercriminals had to invent new ways how to target victims.

New methods in use

HP Wolf Security researchers note that a number of new methods are on the rise. For example, the use of fraudulent QR codes for phishing campaigns has been increasing significantly since late last year. Often, the protection of mobile devices against this type of scam is not good. Before such an attack, cybercriminals often pretended to be mail carriers.

Also, the number of fake PDF files increased by more than a third, according to the study. Here, the criminals use Web gateways, and the instructions in the PDF files often include a password that requires victims to extract a ZIP file. The QuakBot or IcedID malware is then installed. This malware provides access to systems and personal data.

In addition, it was discovered that nearly half of the malware is delivered as a ZIP, RAR and IMG file. This is because cybercriminals are increasingly switching to scripts for transporting data. Consider the aforementioned fake PDF files delivered via MS Office tools.


Furthermore, malvertising is another major problem. During the period under investigation, HP Wolf Security specialists discovered 24 impersonations of popular software projects in malvertising attacks. These attacks were used to infect computers with eight malware families.

The attacks rely on users clicking on search engine ads, which then lead to malicious websites. The websites look almost identical to the official websites and therefore these websites are very misleading to the users.


Companies must remain constantly alert to these types of attacks, the researchers state in their conclusion. They say they should deploy good Web security to limit the most common cyber attacks, such as phishing emails, websites and downloads.

In addition, they will need to regularly warn their users to avoid sharing personal information on untrusted websites, thereby improving an organization’s security.

Tip: Jamf: Companies’ device patch management must be handled better