According to Australian security technology distributor AVG Technologies, "Putting a malicious QR code sticker onto existing marketing material or replacing a website's bona fide QR code with a malicious one could be enough to trick many unsuspecting people'¦This new technique is expected to gain momentum in 2012 and beyond, as the user does not know what lies behind the QR code until the malware is already installed and running.

"For example a QR code could be used to download malware that directs the phone to send text messages to premium SMS numbers.'

AVG says, in its Community Powered Threat Report  for Q4 2011: "Malware targeting mobile devices evolves frighteningly fast and has the potential of being even more destructive than before'¦While consumers are going mobile, so are the cyber criminals. We have witnessed the use of the same malicious intent tactics targeting mobile devices: social engineering, stolen or fake certificates to sign malware, root kits and other tactics."

AVG's CTO, Yuval Ben-Itzhak, said: "As phones become more like computers, so do the risks. Many sophisticated tricks of the trade from computers are now being repurposed for phones. However, as phones are often tied into billing systems the gains can be far greater."

The report also warns that digital signatures attached to Android applications offer little guarantee of trust "Stealing or faking a private key of a trusted source (developer), will allow cyber criminals to sign their malicious applications with the same key as the trusted developer," it says.

"By doing so, the cyber criminal could sign and distribute applications that maliciously replace the authentic applications or corrupt them."