Can QR codes have viruses? A practical safety FAQ

April 21, 2026 · by Paul Maass
safetyfaqphishing

A QR code itself can't carry a virus — it's just a pattern that encodes text. But what it encodes can absolutely point you somewhere malicious. Here's the practical risk and how to deal with it.

Can a QR code contain malware?

No. A QR code is just data — typically a URL — and your phone can't be infected just by reading it.

The risk comes from what the URL points to: phishing sites, drive-by downloads, fake login pages. The QR itself is harmless; the destination matters.

What is "quishing"?

Quishing = QR phishing. An attacker prints or emails a QR code that points to a fake login page or malicious download. Common formats in 2025-2026:

How to scan safely

  1. Most modern phones show you the URL before opening it. iPhone Camera and Android Google Lens both display the destination URL as a preview. Always read it before tapping.
  2. Be suspicious of QR codes in public places — especially payment QRs, parking QRs, restaurant QRs. Look for signs of stickers placed over original signage.
  3. Don't scan QRs in unsolicited emails. If you weren't expecting it, the destination probably isn't trustworthy.
  4. Hesitate on logins. If a QR takes you to a login page, type the company's URL into your browser manually instead. Whatever was being "verified" can be reached through their actual site.

For businesses: protecting your own QRs

If you print QRs on physical materials, occasionally:

What if I already scanned a suspicious QR?

OneDollarQRcodes safety

We don't insert tracking pixels, ads, or interstitial pages between scan and destination. The redirect goes straight to your URL — no surprises. And because our redirect URLs are on a single dedicated domain, you can audit anomalies easily.

Build a safe QR →

Build your own $1 QR code
Custom colors, logo, 3-year guarantee. No subscription.
Start building →