North's hackers using QR codes to bypass smartphone safety features, says South's internet security agency
Published: 13 Jan. 2026, 14:20
-
- LIM JEONG-WON
- [email protected]
![A hacker is seen in front of a North Korean flag in this file image. [JOONGANG ILBO]](https://koreajoongangdaily.joins.com/data/photo/2026/01/13/106451c1-9a58-4970-a6f6-17d5a10e0dda.jpg)
A hacker is seen in front of a North Korean flag in this file image. [JOONGANG ILBO]
South Korean authorities are warning of a new wave of phishing attacks linked to North Korea that use QR codes to bypass traditional security filters, echoing similar alerts issued by the U.S. Federal Bureau of Investigation (FBI).
The Korea Internet & Security Agency (KISA) said Tuesday that it has detected multiple cases of so-called “Q-shing,” a phishing technique that hides malicious links (URLs) inside QR codes. Hackers have impersonated government officials and think tank researchers to lure victims into scanning the codes, the agency said.
Unlike conventional phishing emails, Q-shing embeds links to malware or fake websites in QR codes shown in emails or text messages. Because the links are not visible, the method often slips past spam filters.
Attackers primarily targeted personal smartphones, which are often not protected by corporate or institutional security systems, according to KISA.
In several cases, hackers posed as researchers from domestic or foreign think tanks and contacted targets under the guise of seeking opinions or survey responses on geopolitical issues. Victims were asked to scan QR codes to participate.
Once scanned, the QR codes redirected victims either to malware installation pages that seek extensive smartphone permissions or to phishing pages resembling legitimate social media login screens.
![A hacker is seen in against a North Korean flag in this file image. [JOONGANG ILBO]](https://koreajoongangdaily.joins.com/data/photo/2026/01/13/b6b72ac6-8a3a-464a-b555-2baf57bad00a.jpg)
A hacker is seen in against a North Korean flag in this file image. [JOONGANG ILBO]
If malware is installed, attackers can gain access to device information such as phone model and IMEI numbers, as well as personal data including text messages and photos.
Private cybersecurity firms have reported similar activity. In December, South Korean security company Enki WhiteHat said it identified a campaign by the North Korean hacking group known as Kimsuky that disguised malicious QR codes as package delivery tracking links.
South Korea’s National Intelligence Service has also raised concerns, noting that North Korean hacking groups stole industrial technology and funds worth an estimated 2.2 trillion won ($1.49 billion) last year, often using emerging techniques such as Q-shing.
![The North Korean flag and a laptop are seen in this file image. [JOONGANG ILBO]](https://koreajoongangdaily.joins.com/data/photo/2026/01/13/14517b0a-9f18-4bb9-84a2-966843aa02ab.jpg)
The North Korean flag and a laptop are seen in this file image. [JOONGANG ILBO]
Warnings have also come from abroad. The FBI recently issued an advisory stating that Kimsuky-linked actors are expanding Q-shing attacks targeting government agencies, think tanks, academics and corporate officials.
The FBI cited a case in May last year in which a think tank leader received a phishing email from someone posing as a foreign adviser seeking views on the Korean Peninsula. The email contained a malicious QR code purportedly linking to a survey.
KISA urged the public not to scan QR codes included in unsolicited emails or messages and to verify suspicious codes through its “Q-shing Check Service” on the Protect Korea KakaoTalk channel.
It also advised users who suspect infection to run mobile antivirus scans, reissue digital certificates and review mobile payment activity to prevent further damage.
BY LIM JEONG-WON [[email protected]]
with the Korea JoongAng Daily
To write comments, please log in to one of the accounts.
Standards Board Policy (0/250자)