(Image credit: ZScaler ThreatLabz)
Posted on 08/19/2025 8:39:37 PM PDT by SeekAndFind
Experts have warned hackers recently used a generative AI tool to replicate several web pages belonging to the Brazilian government in an effort to steal sensitive personal information and money.
The fake websites were examined by Zscaler ThreatLabz researchers, who discovered multiple indicators of the use of AI to generate code.
The websites look almost identical to the official sites, with the hackers using SEO poisoning to make the websites appear higher in search results, and therefore seem more legitimate.
(Image credit: ZScaler ThreatLabz)
The two sites appear to be near-identical, with the only major difference being in the website’s URL. The threat actor used ‘govbrs[.]com’ as the URL prefix, mimicking the official URL in a way that would be easily overlooked by those visiting the site. The webpage was also boosted in search results using SEO poisoning, making it appear to be the legitimate site.
Once on the site, the users are invited to enter their CPF number (a form of personal identification number similar to an SSN), which the hacker would ‘authenticate’ using an API.
The victim would then fill out a web form asking for personal information such as name and address, before being asked to schedule psychometric and medical exams as part of the driving application.
The victim would then be prompted to use Pix, Brazil’s instant payment system, to complete their application. The funds would go directly to the hacker’s account.
A second website based on the job board for the Brazilian Ministry of Education lured applicants into handing over their CPF number and completing payments to the hacker. This website used similar URL squatting techniques and SEO poisoning to appear legitimate.
The user would apply to fake job listings, handing over personal information before again being prompted to use the Pix payment system to complete their application.
In ThreatLabz’ technical analysis of both sites, much of the code showed signs of being generated by Deepsite AI using a prompt to copy the official website, such as TailwindCSS styling and highly structured code comments that state “In a real implementation…”
The CSS files of the website also include templated instructions on how to reproduce the government sites.
The ThreatLabz blog concludes, “While these phishing campaigns are currently stealing relatively small amounts of money from victims, similar attacks can be used to cause far more damage. Organizations can reduce the risk by ensuring best practices along with deploying a Zero Trust architecture to minimize the attack surface.”
|
Click here: to donate by Credit Card Or here: to donate by PayPal Or by mail to: Free Republic, LLC - PO Box 9771 - Fresno, CA 93794 Thank you very much and God bless you. |
Lucky I have major skepticism in my little pea brain. I’ve always felt that if I need the govt, I’ll let them know. Otherwise, leave me be.
I learned the hard way to never click an online link to a financial website.
Always go to a financial site through the URL you know to be correct.
I lucked out and figured out my mistake in time.
And it is just getting started. Soon the whole internet will be fake and we won’t know what is real or not. It is going to absolutely ruin the internet and it will become useless...
Destruction of the fooking internet - this is the best what may happen to the mankind. Thank you, hackers!
“this is the best what may happen to the mankind.”
Actually? Other than just communications like here on the FR I wouldn’t mind seeing a whole crash and reset of this digital monster that has been created... Kill it and start over with better safeguards and priorities in place.
If they started executing these hackers this crap would stop.
In a few years even that will not work.
AI will become self replicating.
No humans will be involved in the process at all.
In fact the AI may just be using the stolen funds to pay for the energy it needs for its ongoing functioning.
Same here - any such site I use is already saved as a link.
And even when I get an email from one, I doublecheck the email address it came from and the URLs it wants me to click on.
.
Why use AI when network news already does it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.