Hackers are now mimicking government websites using AI - everything you need
to know to stay safe

Date:
Mon, 11 Aug 2025 17:31:00 +0000

Description:
Threat actors replicated two Brazilian government sites using Deepsite AI,
and then phished information and stole money.

FULL STORY

Experts have warned hackers recently used a generative AI tool to replicate several web pages belonging to the Brazilian government in an effort to steal sensitive personal information and money.

The fake websites were examined by Zscaler ThreatLabz researchers, who discovered multiple indicators of the use of AI to generate code.

The websites look almost identical to the official sites, with the hackers using SEO poisoning to make the websites appear higher in search results, and therefore seem more legitimate.

AI generated government websites

In the campaign examined by ThreatLabz, two websites were spotted mimicking important government portals. The first was for the State Department of Traffics portal for applying for a drivers license.

The two sites appear to be near-identical, with the only major difference
being in the websites URL. The threat actor used govbrs[.]com as the URL prefix, mimicking the official URL in a way that would be easily overlooked
by those visiting the site. The webpage was also boosted in search results using SEO poisoning, making it appear to be the legitimate site.

Once on the site, the users are invited to enter their CPF number (a form of personal identification number similar to an SSN), which the hacker would authenticate using an API.

The victim would then fill out a web form asking for personal information
such as name and address, before being asked to schedule psychometric and medical exams as part of the driving application.

The victim would then be prompted to use Pix, Brazils instant payment system, to complete their application. The funds would go directly to the hackers account.

A second website based on the job board for the Brazilian Ministry of
Education lured applicants into handing over their CPF number and completing payments to the hacker. This website used similar URL squatting techniques
and SEO poisoning to appear legitimate.

The user would apply to fake job listings, handing over personal information before again being prompted to use the Pix payment system to complete their application.

In ThreatLabz technical analysis of both sites, much of the code showed signs of being generated by Deepsite AI using a prompt to copy the official
website, such as TailwindCSS styling and highly structured code comments that state In a real implementation

The CSS files of the website also include templated instructions on how to reproduce the government sites.

The ThreatLabz blog concludes, While these phishing campaigns are currently stealing relatively small amounts of money from victims, similar attacks can
be used to cause far more damage. Organizations can reduce the risk by
ensuring best practices along with deploying a Zero Trust architecture to minimize the attack surface.

======================================================================
Link to news story: https://www.techradar.com/pro/security/hackers-are-now-mimicking-government-we bsites-using-ai-everything-you-need-to-know-to-stay-safe

$$
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)