ASCII art in phishing emails | Kaspersky official blog
Cybercriminals are using ASCII art to create pseudographic QR codes with embedded phishing links.
AI Analysis
Technical Summary
This threat involves phishing emails that embed QR codes constructed from ASCII or Unicode characters (ASCII art) rather than as images. Attackers use this method to evade link scanning and image analysis tools that detect malicious URLs embedded in traditional QR code images. The phishing emails often impersonate legitimate services (e.g., DocuSign) and prompt recipients to scan the ASCII art QR code to visit a malicious website and enter corporate credentials. This technique revives an old form of text-based graphics to circumvent modern security controls designed to detect image-based phishing content.
Potential Impact
The impact is primarily the risk of credential theft through phishing. Victims who scan the ASCII art QR code may be directed to malicious websites designed to harvest login credentials or other sensitive information. This method attempts to bypass automated security filters, increasing the likelihood that phishing emails reach end users. However, no direct exploitation of software vulnerabilities is involved, and no known exploits in the wild have been reported.
Mitigation Recommendations
Kaspersky’s secure email gateway includes technology to detect and block ASCII art-based QR code phishing attempts. Organizations should deploy advanced anti-phishing email gateways capable of analyzing both images and text-based QR codes. Endpoint security solutions should be installed on all devices accessing email and the internet. Regular security awareness training is recommended to educate users about modern phishing tactics, including the risks associated with QR codes in emails and the use of ASCII art as a phishing indicator. There is no indication that additional patches or fixes are required.
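A gateway-side heuristic for the text-based QR codes described above, as an added example that is not Kaspersky's detection logic or code from the source article. It assumes the pseudographics are drawn with Unicode Block Elements (U+2580 to U+259F), which the page does not specify; the function names, thresholds and sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumption: the pseudographics use Unicode Block Elements (U+2580-U+259F);
# the page does not say which characters the observed emails used.
BLOCKS = {chr(c) for c in range(0x2580, 0x25A0)}
MIN_WIDTH = 21  # the smallest QR symbol (version 1) is 21x21 modules
MIN_ROWS = 11   # 21 module rows drawn two per text line with half blocks

def grid_width(line):
    """Width of the line if it is made of block glyphs and spaces, else 0."""
    row = line.replace("\u00a0", " ").rstrip()
    blocks = sum(ch in BLOCKS for ch in row)
    if blocks and (blocks + row.count(" ")) / len(row) >= 0.95:
        return len(row)
    return 0

def find_text_qr(text):
    """Return (first_line, rows, max_width) for each QR-sized glyph block."""
    hits, start, widths = [], 0, []
    for i, line in enumerate(text.splitlines() + [""]):  # "" flushes a final run
        width = grid_width(line)
        if width:
            if not widths:
                start = i
            widths.append(width)
            continue
        if len(widths) >= MIN_ROWS and max(widths) >= MIN_WIDTH:
            hits.append((start, len(widths), max(widths)))
        widths = []
    return hits

def scan_message(raw_bytes):
    """Run the heuristic over every text/* part of a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    return [hit for part in msg.walk()
            if part.get_content_maintype() == "text"
            for hit in find_text_qr(part.get_content())]

def constructed_message():
    """Constructed sample: a 21x11 glyph grid (not a decodable QR code)."""
    rows = ["".join("█▀▄ "[(r + c) % 4] for c in range(21)) for r in range(11)]
    msg = EmailMessage()
    msg["Subject"] = "Document ready for signature"
    msg.set_content("Scan to review:\n\n" + "\n".join(rows) + "\n\nThanks\n")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(constructed_message()))
```

A hit is a triage signal only: it marks a message body for quarantine or for rendering and decoding by a downstream scanner, and does not by itself confirm a phishing link.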
Technical Details
- Article Source: https://www.kaspersky.com/blog/ascii-qr-phishing/55789/ (fetched 2026-05-21T05:03:45.915Z, word count 1206)
Threat ID: 6a0e9231ba1db473621d38dd
Added to database: 5/21/2026, 5:03:45 AM
Last enriched: 5/21/2026, 5:03:53 AM
Last updated: 5/21/2026, 3:34:22 PM