Malvertising Campaign Targets Brazil’s PIX Payment System with GoPIX Malware

Threat actors are exploiting Brazil’s popular instant payment system PIX with a new malware called GoPIX. Cybersecurity firm Kaspersky says the malware is spread via deceitful ads that appear when users search for “WhatsApp web”. Links in the ad lead users to the malware’s landing page. The malware targets PIX payment requests, replacing them with attacker-controlled PIX strings. It also supports Bitcoin and Ethereum wallet address substitutions. Campaigns like these have also been targeting users searching for apps like Telegram and WhatsApp.