ALFA: A Safe-by-Design Approach to Mitigate Quishing Attacks Launched via Fancy QR Codes
- URL: http://arxiv.org/abs/2601.06768v1
- Date: Sun, 11 Jan 2026 03:56:56 GMT
- Title: ALFA: A Safe-by-Design Approach to Mitigate Quishing Attacks Launched via Fancy QR Codes
- Authors: Muhammad Wahid Akram, Keshav Sood, Muneeb Ul Hassan, Dhananjay Thiruvady,
- Abstract summary: Phishing with Quick Response (QR) codes is termed as Quishing. The attackers exploit this method to manipulate individuals into revealing their confidential data. Recently, we see the colorful and fancy representations of QR codes, the 2D matrix of QR codes which does not reflect a typical mixture of black-white modules anymore. We introduce "ALFA", a safe-by-design approach, to mitigate Quishing and prevent everyone from accessing the post-scan harmful payload of fancy QR codes.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Phishing with Quick Response (QR) codes is termed as Quishing. The attackers exploit this method to manipulate individuals into revealing their confidential data. Recently, we see the colorful and fancy representations of QR codes, the 2D matrix of QR codes which does not reflect a typical mixture of black-white modules anymore. Instead, they become more tempting as an attack vector for adversaries which can evade the state-of-the-art deep learning visual-based and other prevailing countermeasures. We introduce "ALFA", a safe-by-design approach, to mitigate Quishing and prevent everyone from accessing the post-scan harmful payload of fancy QR codes. Our method first converts a fancy QR code into the replica of binary grid and then identifies the erroneous representation of modules in that grid. Following that, we present the "FAST" method, which can conveniently recover erroneous modules from that binary grid. Afterwards, using this binary grid, our solution extracts the structural features of the fancy QR code and predicts its legitimacy using a pre-trained model. The effectiveness of our proposal is demonstrated by the experimental evaluation on a synthetic dataset (containing diverse variations of fancy QR codes) and achieves an FNR of only 0.06%. We also develop a mobile app to test the practical feasibility of our solution and provide a performance comparison of the app with the real-world QR readers. This comparison further highlights the classification reliability and detection accuracy of this solution in real-world environments.
Related papers
- QRïS: A Preemptive Novel Method for Quishing Detection Through Structural Features of QR [3.1186758722870582]
Cyberattackers embed falsified and misleading information in QR codes to launch various phishing attacks, which are termed Quishing. We propose QRïS, the pioneer method to classify QR codes through the comprehensive structural analysis of a QR code. Our method is clearly transparent which makes it reproducible, scalable, and easy to comprehend.
arXiv Detail & Related papers (2025-10-20T05:30:47Z)
- Revisiting Backdoor Attacks on LLMs: A Stealthy and Practical Poisoning Framework via Harmless Inputs [54.90315421117162]
We propose a novel poisoning method via completely harmless data. Inspired by the causal reasoning in auto-regressive LLMs, we aim to establish robust associations between triggers and an affirmative response prefix. We observe an interesting resistance phenomenon where the LLM initially appears to agree but subsequently refuses to answer.
arXiv Detail & Related papers (2025-05-23T08:13:59Z)
- Detecting Quishing Attacks with Machine Learning Techniques Through QR Code Analysis [2.8161155726745237]
The rise of QR code based phishing ("Quishing") poses a growing cybersecurity threat. Existing detection methods predominantly focus on URL analysis, which requires the extraction of the QR code payload. We propose the first framework for quishing detection that directly analyzes QR code structure and pixel patterns without extracting the embedded content.
arXiv Detail & Related papers (2025-05-06T11:47:13Z)
- DiffQRCoder: Diffusion-based Aesthetic QR Code Generation with Scanning Robustness Guided Iterative Refinement [9.43230708612551]
We propose a training-free Diffusion-based QR Code generator (DiffQRCoder) to craft both scannable and visually pleasing QR codes. The proposed approach introduces Scanning-Robust Perceptual Guidance (SRPG), a new diffusion guidance for Diffusion Models. Our approach robustly achieves over 95% SSR, demonstrating its capability for real-world applications.
arXiv Detail & Related papers (2024-09-10T09:22:35Z)
- AdvQDet: Detecting Query-Based Adversarial Attacks with Adversarial Contrastive Prompt Tuning [93.77763753231338]
Adversarial Contrastive Prompt Tuning (ACPT) is proposed to fine-tune the CLIP image encoder to extract similar embeddings for any two intermediate adversarial queries.
We show that ACPT can detect 7 state-of-the-art query-based attacks with a >99% detection rate within 5 shots.
We also show that ACPT is robust to 3 types of adaptive attacks.
arXiv Detail & Related papers (2024-08-04T09:53:50Z)
- Hooked: A Real-World Study on QR Code Phishing [0.0]
The usage of quick response (QR) codes was limited in the pre-era of the COVID-19 pandemic.
We conducted a real-world phishing campaign with two different QR code variants at a research campus.
Both, the phishing campaign and the survey, show that a professional design receives more attention.
Although the results confirm that technical-savvy users are more aware of the risks, they also underpin the malicious potential for non-technical-savvy users.
arXiv Detail & Related papers (2024-07-23T07:14:50Z)
- Ring-A-Bell! How Reliable are Concept Removal Methods for Diffusion Models? [52.238883592674696]
Ring-A-Bell is a model-agnostic red-teaming tool for T2I diffusion models.
It identifies problematic prompts for diffusion models with the corresponding generation of inappropriate content.
Our results show that Ring-A-Bell, by manipulating safe prompting benchmarks, can transform prompts that were originally regarded as safe to evade existing safety mechanisms.
arXiv Detail & Related papers (2023-10-16T02:11:20Z)
- Noisy-Correspondence Learning for Text-to-Image Person Re-identification [50.07634676709067]
We propose a novel Robust Dual Embedding method (RDE) to learn robust visual-semantic associations even with noisy correspondences.
Our method achieves state-of-the-art results both with and without synthetic noisy correspondences on three datasets.
arXiv Detail & Related papers (2023-08-19T05:34:13Z)
- Inverse Problems Leveraging Pre-trained Contrastive Representations [88.70821497369785]
We study a new family of inverse problems for recovering representations of corrupted data.
We propose a supervised inversion method that uses a contrastive objective to obtain excellent representations for highly corrupted images.
Our method outperforms end-to-end baselines even with a fraction of the labeled data in a wide range of forward operators.
arXiv Detail & Related papers (2021-10-14T15:06:30Z)
- An End-to-end Method for Producing Scanning-robust Stylized QR Codes [45.35370585928748]
We propose a novel end-to-end method, named ArtCoder, to generate stylized QR codes.
The experimental results show that our stylized QR codes have high-quality in both the visual effect and the scanning-robustness.
arXiv Detail & Related papers (2020-11-16T09:38:27Z)