- Threat actors cloned websites from the Brazilian government using generative AI.
- The sites were used to steal personal information and money.
- In both cases, the sites were almost identical, experts warn.
Experts have warned that hackers recently used a generative AI tool to replicate several web pages belonging to the Brazilian government in an effort to steal confidential personal information and money.
The fake websites were examined by Zscaler ThreatLabz researchers, who discovered multiple indicators that AI was used to generate the code.
The websites are almost identical to the official sites, and the hackers used SEO poisoning to make them rank higher in search results and therefore seem more legitimate.
AI-generated government websites
In the campaign examined by ThreatLabz, two websites were detected imitating important government portals. The first imitated the State Department of Traffic portal used to apply for a driver's license.
The fake and official sites appear almost identical, with the only important difference being the URL. The threat actor used 'govbrs[.]com' as the URL's prefix, imitating the official URL in a way that visitors would easily overlook. The website was also promoted in search results using SEO poisoning, which made it look like the legitimate site.
Once on the site, users are invited to enter their CPF number (a personal identification number similar to an SSN), which the hacker 'would authenticate' using an API.
Then, the victim would complete a web form requesting personal information such as name and address, before being asked to schedule psychometric and medical exams as part of the driver's license application.
Then the victim would be asked to use Pix, the Brazilian instant payment system, to complete their application. The funds would go directly to the hacker's account.
A second website, modeled on the job board of Brazil's Ministry of Education, lured applicants into handing over their CPF number and making payments to the hacker. This website used similar URL squatting and SEO poisoning techniques to look legitimate.
The user would apply to fake job listings, handing over personal information before being asked to use the Pix payment system to complete the application.
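Both sites relied on a hostname that merely resembles the official one. The following sketch, an added example and not code from the ThreatLabz report, classifies a URL or defanged indicator by its actual host and contrasts that with a naive substring check. It assumes the official portals live under gov.br; every sample URL except the 'govbrs[.]com' prefix quoted above is constructed.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_SUFFIX = "gov.br"  # assumption: official portals sit under this domain

def hostname(url: str) -> str:
    """Return the lower-cased host, accepting defanged input such as govbrs[.]com."""
    url = url.strip().replace("[.]", ".").replace("hxxp", "http", 1)
    if "://" not in url:
        url = "//" + url  # make urlsplit treat a bare host as the netloc
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed bracketed host
        return ""
    return host.rstrip(".").lower()

def naive_is_official(url: str) -> bool:
    """Weak check shown for contrast: substring match anywhere in the URL."""
    return "gov.br" in url.lower()

def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' based on the host only."""
    host = hostname(url)
    if host == OFFICIAL_SUFFIX or host.endswith("." + OFFICIAL_SUFFIX):
        return "official"
    # Drop dots and hyphens so gov-br, gov.br.<other> and govbrs all expose "govbr".
    squashed = re.sub(r"[^a-z0-9]", "", host)
    return "lookalike" if "govbr" in squashed else "unrelated"

# Constructed samples, apart from the prefix quoted in the article.
SAMPLES = [
    "https://www.gov.br/pt-br",
    "https://portal.example.gov.br/",
    "govbrs[.]com",
    "hxxps://cnh.govbrs[.]com/login",
    "https://www.gov.br.example.com/",
    "https://example.org/",
]

def report(urls=SAMPLES):
    """Map each URL to (host-based verdict, naive substring verdict)."""
    return {u: (classify(u), naive_is_official(u)) for u in urls}

if __name__ == "__main__":
    for url, (verdict, naive) in report().items():
        print(f"{verdict:10} naive_official={naive!s:5} {url}")
```

The substring check accepts `www.gov.br.example.com` as official, while the suffix check on the parsed host does not. Internationalized (punycode) hostnames are not handled here.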
In ThreatLabz's technical analysis of both sites, much of the code showed signs of being generated by DeepSite AI using a prompt to copy the official website, such as TailwindCSS styling and highly structured code comments that state "in a real implementation …"
The websites' CSS files also contain instructions on how to reproduce government sites.
The ThreatLabz blog concludes: “While these phishing campaigns are stealing relatively small amounts of money from victims, similar attacks can be used to cause much more damage. Organizations can reduce the risk by ensuring best practices along with the deployment of a zero trust architecture to minimize the attack surface.”