At least 81 percent of Americans now own a smartphone, and nearly all of those devices can natively read QR codes with no third-party app required. A malicious QR code can direct a user to a fake website or install malicious software on a smartphone that initiates actions like this: Write an email, send a malicious text, and target the user s work if the device lacks mobile threat protection. Hackers have figured out a far easier way to embed malicious software in QR codes.
Source: https://threatpost.com/qr-codes-sneaky-security-threat/159757/