The growing popularity of Quick Response (QR codes) on smart phones has officially become a new distribution vehicle for malware on Android devices.
According to security researchers at Kaspersky Lab (important disclosure: my employer), hackers are are using QR codes posted on web sites to redirect smart phones to other sites hosting an Android trojan.
Once a user scans the QR code (using special apps), the code redirects them to a site that will install a Trojan on their phones.
Once installed, the Trojan will send a number of SMS messages to premium-rate numbers, which will end up costing the victim some money, depending on how quickly she is able to find and remove the Trojan.
Kaspersky's Denis Maslennikov reports that the malware itself is a Trojanized Jimm application (mobile ICQ client) which sends several SMS messages to premium rate number 2476 (US$6.00 each).