A new phishing campaign uses generative AI tools to create fraudulent websites mimicking Brazilian government agencies, such as the State Department of Traffic and the Ministry of Education. These sites trick users into making unauthorized payments via Brazil's PIX system. The attack relies on SEO poisoning for visibility and uses techniques such as staged data collection, in which users are led to submit sensitive information, including CPF numbers. The sites carry generative AI signatures, suggesting sophisticated development alongside traditional phishing techniques and further indicating a trend towards more advanced cybercriminal methods.
Source code analysis reveals signatures of generative AI tools: overly explanatory comments meant to guide developers, non-functional elements that would typically work on an authentic website, and styling trends such as TailwindCSS, which set these sites apart from the traditional phishing kits used by threat actors.
The end goal of the attacks is to serve bogus forms that collect sensitive personal information, including Cadastro de Pessoas Físicas (CPF) numbers (Brazilian taxpayer identification numbers) and residential addresses, and to convince victims to make a one-time payment of 87.40 reals ($16) to the threat actors via PIX under the guise of completing a psychometric and medical exam or securing a job offer.
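For analysts triaging reported pages, the source-code traits described above can be turned into a quick static check. The following is an added example, not code from the report or the researchers; the regular expressions, thresholds, indicator names and sample page are all assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser
# Patterns and thresholds are illustrative assumptions, not values from the report.
TAILWIND = re.compile(r"^(?:(?:sm|md|lg|xl|hover|focus):)*(?:p[xytblr]?|m[xytblr]?|w|h|text|bg|"
                      r"rounded|flex|grid|gap|font|border|shadow|items|justify)(?:-[\w/.\[\]%-]+)?$")
EXPLANATORY = re.compile(r"\b(?:this (?:section|function|form|script)|here we|in production|"
                         r"you (?:can|should|need to)|replace (?:this|with))\b", re.I)

class PageTriage(HTMLParser):
    def __init__(self):
        super().__init__()
        self.classes = self.tailwind = self.links = self.dead_links = 0
        self.comments, self.cpf_field = [], False

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        for cls in attrs.get("class", "").split():
            self.classes += 1
            self.tailwind += bool(TAILWIND.match(cls))
        if tag == "a":  # links that go nowhere stand in for "non-functional elements"
            href = attrs.get("href", "").strip().lower()
            self.links += 1
            self.dead_links += href in ("", "#") or href.startswith("javascript:")
        if tag == "input" and "cpf" in " ".join(attrs.values()).lower():
            self.cpf_field = True

    def handle_comment(self, data):
        self.comments.append(data)

def triage(html):
    """Return the names of the indicators that fire for one page's HTML source."""
    p = PageTriage()
    p.feed(html)
    p.close()
    checks = {
        "tailwind-utility-styling": p.classes >= 5 and p.tailwind / p.classes >= 0.6,
        "explanatory-comments": sum(bool(EXPLANATORY.search(c)) for c in p.comments) >= 2,
        "non-functional-links": p.links >= 3 and p.dead_links / p.links >= 0.5,
        "collects-cpf-field": p.cpf_field,
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample page (not taken from the campaign).
SAMPLE = """<!-- This section renders the header. You can replace the logo here. -->
<nav class="flex items-center justify-between p-4 bg-blue-700 text-white">
<a href="#">Agendar</a> <a href="#">Contato</a> <a href="">Ajuda</a></nav>
<!-- Here we collect the CPF; in production you should replace this action URL. -->
<form class="grid gap-4 rounded-lg shadow-md">
<input name="cpf" placeholder="000.000.000-00" class="border p-2 w-full"></form>"""
```

Each indicator also appears on legitimate sites, so the output is a prioritisation signal for review rather than a verdict.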