Another scam that diverts payments made by Pix, now into payments made by computers, was identified by the Investigation and Analysis Team at Kaspersky, a digital security company. The fraud, with a similar version on cell phones, redirects funds to criminals and the virus infects consumer and business equipment.

According to Kaspersky, the technique is not new, but it is the first time it has been used for fraudulent payment schemes involving Pix. Identified in December 2022, the fraud has already been blocked more than 10 thousand times.

The previous scheme, also reported by the security company, aimed at instant transactions carried out via cell phone. The new malware, named GoPix, infects desktops and notebooks and uses a different technique to redirect online payments.

Online shopping

According to Fabio Assolini, director of Kaspersky for Latin America, the new scam also affects public and private companies. “We verified that it does not act in transfers between individuals, but only in payments for online purchases”. He says.

In this modality, the retailer generates a charge via Pix for payment. The most common thing is for the customer to copy and paste the code and it is at this point that the key is exchanged to redirect the money to the scammers.

The spread of GoPix occurs through malicious advertisements on the internet, using sponsored links in Google searches made with misspellings for WhatsApp Web. For example, if the user writes WatsApp. There were also frauds using Correios, in the same sponsored links scheme.

“The infection occurs in stages,” says Assolini. After installing GoPix, the malware enters a waiting stage waiting for the victim to make a digital payment via Pix. According to him, since January, the threat has been blocked 10,443 times in Kaspersky products, only for Brazilian customers.

How to avoid the scam

– Fake ads: prioritize organic search results and only download official websites. Infection occurs when the user accesses fake websites

– Digital payment: review the Pix recipient’s name to check if it is the seller’s. ‘Orange’ names are often used to receive payment

– Security: Have a good antivirus installed, as GoPix can identify some of the devices and divert the virus to a compressed folder, for example in zip format