It was ZenGo who noticed it, who communicated it with a blog post at the end of August, while it was cointelegraph to give visibility to the discovery (which had gone unnoticed).
According to ZenGo, as many as four of the top five search results on google for the "bitcoin generator QR" key return scam sites; it is necessary to clarify, for the avoidance of doubt, that this research was conducted in English so it is not known whether the situation is the same for other languages.
In the post published on the ZenGo company blog he also explains the operation of the alleged scam:
"These sites generate a QR code that encodes an address controlled by the scammers, rather than the one requested by the user, thus directing all payments for this QR code to themselves instead of to the user"
Then there is another problem that concerns not those who use QR codes to generate paper wallets but those who use them to manage payments; through these codes, in fact, it is possible to send a payment very easily using a smartphone.
There are, even in this case, much safer ways to do the same thing, trivially a software like Electrum lends itself more than good to the case, but it is even safer to send our bitcoin address to those who must make payment.
To conclude, there are dozens of different ways of dealing with the same need, the fundamental thing is to never rely on online services in relation to whose seriousness we cannot have certainties; as is known, then, the world of the crypto requires a certain degree of responsibility for the user, the community can only advise neophytes and not of those who are the security strategies (in large part simple and elementary to implement) but then certain users prefer to do it their own way and not follow the advice, which abounds on forums and industry sites, at which point those who end up cheated will find very little understanding in the community.