WhatsApp spear phishing campaign uses QR codes to add device | Malwarebytes

A cybercriminal group, “Star Blizzard,” is using QR codes in a spear phishing campaign to access WhatsApp accounts of high-profile targets. The group, posing as experts, sends broken QR codes to targets, prompting them to respond with a remark about the broken link. The cybercriminals then send a shortened URL to a website displaying another QR code, which, when scanned, adds an extra device to the target’s WhatsApp account, granting the group access to their messages.