QR Code Phishing Evolves: How to Keep Up

This report describes the rapid emergence of QR-code phishing (“quishing”) as an evolving and scalable threat vector—detailing documented campaigns (including Kimsuky and large-volume phishing waves), advanced techniques (split/nested QR codes, Unicode obfuscation), observed impacts (session-token theft and MFA bypass via adversary-in-the-middle proxies), gaps in traditional email/file scanning, and recommended detection approaches illustrated by the Spectra Analyze platform.