Kaspersky disclosed a dramatic increase in detections of phishing campaigns that use embedded QR codes to redirect victims to malicious sites. The vendor warned that attackers are leveraging PDFs and mobile redirects to bypass URL scanning, and urged user caution and mitigation controls.

Kaspersky published an industry report showing a more than fivefold rise in detections of QR-code-based phishing (quishing) between August and November 2025, a trend cited in January 2026 coverage by security analysts. Researchers observed attackers embedding QR images inside PDFs, email bodies, and image attachments to force victims to use mobile devices for link resolution, circumventing many traditional URL and email scanners. The campaigns mimic legitimate services and use shortened or obfuscated landing pages that harvest credentials or deliver malware. Kaspersky detailed detection telemetry, common lures, and recommended mitigations, including disabling automatic QR decoding in enterprise platforms, educating users on verifying embedded QR targets before scanning, sandboxing document processing, and applying mobile device management policies that restrict unmanaged device access. The vendor also encouraged defenders to integrate QR image analysis into threat hunting and to prioritize protections for remote and mobile workflows where quishing is most effective. The report elevates quishing as a rapidly growing vector that complements classic phishing and social engineering techniques.
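One way to act on the recommendation to integrate QR image analysis into threat hunting is to triage the URLs that come out of decoded QR images, since the redirect is invisible to scanners that only read message text. The following is an added example, not code from Kaspersky's report or products. It assumes a separate QR decoder has already extracted the payload strings; the function names, the shortener sample list, the percent-encoding threshold and the sample payloads are all constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a small sample of public link shorteners, not a complete list.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}

def triage_qr_payload(payload: str) -> list[str]:
    """Return the reasons a decoded QR payload deserves analyst review."""
    try:
        parts = urlsplit(payload.strip())
    except ValueError:
        return ["unparseable-url"]
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        return ["not-a-web-url"]  # plain text, tel:, WIFI: etc. are routed separately
    host = (parts.hostname or "").lower()
    reasons = []
    if scheme == "http":
        reasons.append("cleartext-http")
    if parts.username is not None:
        reasons.append("userinfo-in-url")  # brand name placed before '@' hides the real host
    if host in SHORTENERS:
        reasons.append("link-shortener")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode-host")  # possible lookalike domain
    try:
        ipaddress.ip_address(host)
        reasons.append("ip-literal-host")
    except ValueError:
        pass  # host is a name, not an IP literal
    if payload.count("%") >= 5:  # assumed threshold for obfuscated paths
        reasons.append("heavy-percent-encoding")
    return reasons

def review_queue(payloads):
    """Map each flagged payload to its reasons; clean payloads are omitted."""
    return {p: r for p in payloads if (r := triage_qr_payload(p))}

# Constructed sample payloads, as a QR decoder might emit them from attachments.
SAMPLES = [
    "https://bit.ly/3xAmPlE",
    "http://login.example.com@203.0.113.7/verify",
    "https://xn--pple-43d.example/login",
    "https://portal.example.com/benefits",
    "WIFI:S:Guest;T:WPA;;",
]

if __name__ == "__main__":
    for payload, reasons in review_queue(SAMPLES).items():
        print(payload, "->", ", ".join(reasons))
```

The reason labels are hunting signals for prioritizing review, not verdicts: a shortened link or an IP-literal host still needs to be resolved in a sandbox before it is blocked or cleared.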