In this post, I would like to share an attack method that takes advantage of QR codes, called Quick Response Code Login Jacking (QRLJacking).

QRLJacking is a new method that most people might not have even heard of before. It is a direct and easy social engineering method that uses session hijacking against any application that relies heavily on the “Login with QR Code” feature.


Source : WhatsApp Accounts QRLJacking and ARP poisoning Injection by Seekurity.com

Exploitation Framework Used for the QRLJacking

Every attack vector has its own exploitation framework, and QRLJacking is no exception.

The exploitation framework that can be used for QRLJacking is called QRLJacker. It is a customizable exploitation framework built to demonstrate that it is not that hard to hijack a service within an application, especially a mobile application, that depends mostly on QR codes as its login authentication method.

Source: Github QRLJacker

There is a YouTube video that shows how to install the QRLJacker framework and how to use the tool to exploit the QR code.

Source: Installing QRLJacker framework version 2 and hacking Whatsapp


Even though, its best practice to

Read More: https://threatninja.net/qrljacking-and-qrljacker/