As most people know, QR codes are convenient way of linking data to anyone with a QR scanner. Most of the time are harmless and are just used as advertising to send you to a product’s website.
However, it’s very easy to use QR codes maliciously. One can set up QR code that links to malicious server using metaspoit. Then when a phone scans the code, they are sent to the site which can steal host files or contacts and even install malware.
So be careful what you scan. One of the disadvantages of QR codes is that you don’t know what you are really scanning until you scan it. So never use a scanner that automatically forwards to the data without telling you where you are going and asking for confirmation.
Source with more detailed information: http://kaoticoneutral.blogspot.com/2011/09/using-qr-tags-to-attack-smartphones_10.html