According to a report published on the Kaspersky blog, the company's security experts detected, in less than 24 hours, the registration of 30 domains with the term "Pix" to send malwares and phishing campaigns to steal data, which can later be used in fraud.

This happened on the day that banks of all of the country sent links to registering on Pix, new eletronic payment system on central bank.
Please note that when Government announced the emergencial aid in April, there was detected 100 domains with the same goal.

"Domain registration is the first stage of the scam and malicious domains were found such as:;; and", said one of the experts.

From domain registration, criminals can use websites to share malwares or put fake sites on web. See ahead the main scams that are being practiced.

1- Scams to carry out malware infection of victim's device

Criminals uses emails, social networks or SMS offering to register in the electronic payment system. By clicking on the link, the victim is directed to this domain, the website offers to download a malicious file, which can change according to the victim's operating system: if the link is accessed by a Windows computer, the download is offered of a .ZIP file with a malicious attachment. However, if the access is from an Android smartphone, it will be a malicious app. Both will install a RAT (remote access tool) that will allow fraudsters to gain remote access to the infected device, or allow the collection of important information.

2. Fake messages that want to steal Internet Banking or Mobile Banking access credentials

In the same way as malware-spreading attacks, email, social media or SMS messages offer Pix registration, but in this case take the victim to a fake banking website. On the fake page, the victim will be asked to access the bank account and will also be asked for authentication codes (tokens) present on the password card or in apps. With this data, criminals can gain access to the victim's bank account and steal their balance, making fraudulent payments or transfers to other accounts.

3. Phishing scams to steal personal data that can be used as Pix keys

The first two types of attacks only use Pix as bait, but the move itself is unrelated to the new system. However, this 3rd type of scam is used to collect victims' personal data that can be used in payment system fraud in the next month. He was initially identified two weeks ago.

The main tip to not fall for these scams is to access only the official channels of the bank in which the user has a relationship, if you have difficulty registering Pix, contact support and/or manager of the institution.