The rapidly growing popularity of the Brazilian instant payments system Pix has caught the attention of cybercriminals, who are now exploiting this new malicious software for illegal profit.
According to Kaspersky Laboratory, they have been tracking this malware since December 2022. The cyberattacks occur through malicious advertisements that are shown to users searching for “WhatsApp Web” on search engines. When users click on these advertisements, they are redirected to a harmful page.
Similar to previous advertising campaigns, users who fall for the fake announcement are redirected through a masking service designed to filter sandboxes, bots, and other individuals who do not fit the criteria of the intended victims.
It is worth noting that the malware may be loaded from two different sources. The URL was initially created to indicate the location of various files on the Internet, but overtime it began to be used to designate the addresses of all resources, regardless of their type.