I encountered this for the first time today while attempting to read something on archive.today.

I confirmed that decoding the qrcode using a computer and following the URL it contains is insufficient; the error it gave directed me here which is what the linked screenshot is of.

The old type of captcha remains available too, for now:

screenshot of text: Important: Mobile verification for Google Cloud Fraud Defense is an experimental challenge type in Preview. Visual and audio challenges are available as alternatives for users who can't complete mobile verification. To use them, click the Visual or Audio buttons.

OC writeup by @cypherpunks@lemmy.ml

  • Mikina@programming.dev
    1·
    4 hours ago

    I keep hearing about malicious QR codes, but how does it actually work? Unless there’s a serious vulnerability, how is it different from clicking on any link?

    It has been a few years since I worked as a junior in offensive security, but that has been something I could never figure out when I looked into it.

    Hmm, I guess you could use it for a pretty good phishing attempt. Just show a fake google login page and you’re set, or maybe a fake .apk download “to confirm the captcha”, but other than that, I don’t really see a vector of attack.

    • guywithadeathwish@lemmy.world
      5·
      3 hours ago

      This example might shed some light on how malicious QR codes can work.

      There’s a lot of car parks in my area which have had QR codes stickered to the payment meters, instructing people to use the QR code to pay for their parking. These are council or private car parks, but the code takes you to a site that accurately mimics a usual carpark payment site. So people think they’ve paid for parking, but have actually sent money to a scammer, and they also end up with a fine for non-payment from the entity that actually owns the carpark.