QR codes can be used for malicious purposes. When people scan a code on their phones, they believe it is performing a valid service. However, scanning a QR code can cause malware to be installed in the device. QR codes can be used for phishing, and the small screens on phones allow for only a limited view of a website, which makes it look legitimate. The small screen also hides a lengthy URL so that the address in view seems valid.
QR codes can extract a user's contact list for spam or other nefarious purposes. They can also be used to pinpoint a user's location and create a calendar event, both of which can be used in conjunction with other attack methods to rob the user. A QR code can be used to gain control of an app or the OS itself. In summary, although the overwhelming majority of QR codes are used for legitimate purposes, some do serve to attack the device. See QR code
, attack vector