- Threat actors cloned Brazilian government websites using generative AI
- The sites were used to steal personal information and money
- In both instances, the sites were almost identical, experts warn
Experts have warned hackers recently used a generative AI tool to replicate several web pages belonging to the Brazilian government in an effort to steal sensitive personal information and money.
The fake websites were examined by Zscaler ThreatLabz researchers, who discovered multiple indicators of the use of AI to generate code.
The websites look almost identical to the official sites, with the hackers using SEO poisoning to make the websites appear higher in search results, and therefore seem more legitimate.
AI generated government websites
In the campaign examined by ThreatLabz, two websites were spotted mimicking important government portals. The first was for the State Department of Traffic’s portal for applying for a drivers license.
The two sites appear to be near-identical, with the only major difference being in the website’s URL. The threat actor used ‘govbrs[.]com’ as the URL prefix, mimicking the official URL in a way that would be easily overlooked by those visiting the site. The webpage was also boosted in search results using SEO poisoning, making it appear to be the legitimate site.
Once on the site, the users are invited to enter their CPF number (a form of personal identification number similar to an SSN), which the hacker would ‘authenticate’ using an API.
The victim would then fill out a web form asking for personal information such as name and address, before being asked to schedule psychometric and medical exams as part of the driving application.
The victim would then be prompted to use Pix, Brazil’s instant payment system, to complete their application. The funds would go directly to the hacker’s account.
A second website based on the job board for the Brazilian Ministry of Education lured applicants into handing over their CPF number and completing payments to the hacker. This website used similar URL squatting techniques and SEO poisoning to appear legitimate.
The user would apply to fake job listings, handing over personal information before again being prompted to use the Pix payment system to complete their application.
In ThreatLabz’ technical analysis of both sites, much of the code showed signs of being generated by Deepsite AI using a prompt to copy the official website, such as TailwindCSS styling and highly structured code comments that state “In a real implementation…”
The CSS files of the website also include templated instructions on how to reproduce the government sites.
The ThreatLabz blog concludes, “While these phishing campaigns are currently stealing relatively small amounts of money from victims, similar attacks can be used to cause far more damage. Organizations can reduce the risk by ensuring best practices along with deploying a Zero Trust architecture to minimize the attack surface.”
You might also like
- Take a look at the best identity theft protection tools on offer
- These are the best password managers around right now
- This devious ransomware is able to hijack your system to turn off Microsoft Defender
This articles is written by : Nermeen Nabil Khear Abdelmalak
All rights reserved to : USAGOLDMIES . www.usagoldmines.com
You can Enjoy surfing our website categories and read more content in many fields you may like .
Why USAGoldMines ?
USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.