eScan cybersecurity solutions, has announced a significant enhancement to its eScan Enterprise Data Loss Prevention (DLP) platform: automated QR code and Data Matrix barcode scanning. The feature addresses a vulnerability that security researchers have identified as a blind spot in current enterprise data protection systems.
The timing is notable. In October 2025, Barracuda Networks researchers documented over half a million phishing emails containing QR codes embedded in PDF attachments in just a three-month period. More recently, a 2025 IEEE research paper analyzing many DLP solutions found that most cannot detect data exfiltration attempts via QR codes, describing the gap as a “significant vulnerability” where sensitive information hidden in visual codes goes undetected.
“We noticed something our customers were telling us,” said Govind Rammurthy, CEO of MicroWorld Technologies. “Employees were finding creative ways to bypass DLP controls, and QR codes kept coming up in security audits. When we looked at what other vendors were doing, we were surprised to find they weren’t scanning barcodes at all.”
The new eScan capability automatically decodes QR codes and Data Matrix barcodes embedded in images across email attachments webs uploads, and files transfers. The system applies the same content inspection rules used for text documents – scanning for credit card numbers, Aadhaar and PAN numbers, intellectual property, and other sensitive data patterns. It also identifies suspicious encrypted content that may indicate deliberate obfuscation attempts.
According to Keepnet Labs, quishing – phishing via QR codes – increased 25% in 2025, with only 36% of such attacks being properly identified. The research firm noted that nearly 29% of phishing emails in energy, manufacturing, and retail sectors now contain malicious QR codes. While those attacks focus on credential theft, security experts have warned that the same technology enables data exfiltration.
The IEEE study, presented at the 2025 Computing and Communication Workshop, tested how QR codes could covertly encode and extract corporate data. Researchers found that DLP systems designed to catch unauthorized file transfers, emails, and uploads typically missed data concealed in QR codes because the systems weren’t programmed to decode visual information beyond optical character recognition (OCR).
eScan’s implementation supports both QR codes – now ubiquitous in daily commerce – and Data Matrix barcodes commonly used in manufacturing and logistics. The system includes timeout protections to maintain scanning performance and can flag patterns suggesting encrypted content, which helps security teams identify potentially malicious activity even when the data itself is obscured.
The company says the feature works without additional hardware or significant performance impact. IT administrators can enable barcode scanning through the eScan DLP management.
MicroWorld Technologies has served enterprise customers for 25 years across more than 90 countries. The company’s research and development team employs over 300 people and focuses on addressing practical security gaps that emerge as workplace technology evolves.