So I thought I pulled a great prank once. I made a QR code that directed to lemonparty. I used an online sticker service's free trial to print a bunch up with my friend's Instagram at the bottom. I travel all over for work so I was going to put them everywhere.

My problem was I printed them in yellow and they wouldn't scan. I told my friend and he thought it was a funny idea just like I knew he would, not a malicious prank. Wish it had worked.

[–] bstix@feddit.dk 0 points 1 week ago

The largest QR code can hold up to 3 kb of data, which is more than enough to write a nasty virus in an injectable script if aimed at specific devices/apps. The main hurdle is breaking the app to execute the code instead of treating it as a string. It's the Drop Bobby Tables joke. Developers hopefully don't fall for this anymore.

Anyway. Making a shitty link and leading people there isn't a new idea. You don't even need a t-shirt. Hackers already place their own printed QR labels on top of otherwise real codes, and the user might not even notice, because they'll be redirected to the right site after the dirty deed is done dirt cheap.

load more comments