Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware
Oct 25, 2023
Malvertising / Banking Trojan
The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX . Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off using malicious ads that are served when potential victims search for "WhatsApp web" on search engines. "The cybercriminals employ malvertising: their links are placed in the ad section of the search results, so the user sees them first," the Russian cybersecurity vendor said . "If they click such a link, a redirection follows, with the user ending up on the malware landing page." As other malvertising campaigns observed recently, users who click on the ad will be redirected via a cloaking service that is meant to filter sandboxes, bots, and others not deemed to be genuine victims. This is accomplished by using a legitimate fraud prevention solution known as IPQu