GenAI Used to Impersonate Brazil's Government Websites

Aug. 10, 2025, 8:51 p.m.

Description

Threat actors are leveraging generative AI tools like DeepSite AI and BlackBox AI to create phishing templates that closely mimic official Brazilian government websites, such as the State Department of Traffic and Ministry of Education. These malicious replicas are boosted in search results using SEO poisoning techniques. The phishing pages collect sensitive personal data, including CPF numbers and addresses, validating the information through APIs to build credibility. The ultimate goal is to trick victims into making payments via Pix, Brazil's instant payment system. Technical analysis reveals AI-generated source code signatures, including TailwindCSS styling, explanatory comments, and non-functional elements. The campaign demonstrates the evolving sophistication of phishing attacks empowered by generative AI tools.

External References

https://www.zscaler.com/blogs/security-research/genai-used-phishing-websites-impersonating-brazil-s-government
https://otx.alienvault.com/pulse/6896279970e62c2bef3c1a32
Tags
phishing
seo poisoning
brazil
government impersonation
2025-08-08
deepsite ai
blackbox ai
pix payment
generative ai

Date

  • Created: Aug. 8, 2025, 4:36 p.m.
  • Published: Aug. 8, 2025, 4:36 p.m.
  • Modified: Aug. 10, 2025, 8:51 p.m.

Indicators

  • govbr.agenteeducacao.org
  • gov.ministerioeduca.com
  • govbrs.com
  • gov.agentedaeducacao.top
  • gov-brs.com
  • agentesdaeducacao.com.br
  • agentedaeducacao.top
Download all indicators here!

Attack Patterns

Additional Informations

  • Transportation
  • Education
  • Government
  • Brazil