Similar to other areas of the world, the coronavirus pandemic has led the Brazilian government to enact policies aimed at decreasing social interaction and the spread of COVID-19 within the country, to include closing restaurants, schools and many stores, and prohibiting sporting events. While deemed necessary, these restrictions have challenged the economic situation of many families and individuals due to the loss of jobs and income.

To alleviate some of this financial strain, the government granted financial assistance to informal workers, low-income families and small entrepreneurship in the form of “coronavouchers.” These government vouchers are distributed monthly in the amount of 600 Brazilian Reals, or approximately USD 150 U.S. dollars at of late May 2020 exchange rates.

Similar to cybercriminal activity X-Force IRIS observed targeting small business loan applicants in the U.S. in April, cybercriminals are targeting Brazil’s coronavirus financial assistance program to take advantage of the situation. The Brazilian government initiative requires some beneficiaries to use electronic portals or mobile apps to formally register and confirm their personal data — communication mechanisms that attackers are targeting heavily for scams, financial fraud or to install malicious software on citizens’ devices.

Based on IBM X-Force IRIS research, cybercriminals are using email, SMS text messages and WhatsApp to deliver malicious URLs of webpages or apps spoofed to appear as legitimate government portals requesting personally identifying information and other sensitive data. After collecting this information from victims, cybercriminals are then able to open bank accounts in victims’ names and even request loans.

Some of the fake apps and webpages require the user to forward a link to all their contacts, thus propagating the attack to additional victims.

The below screenshot shows a WhatsApp message with a link to a fake website, inviting victims to register to receive 200 Brazilian Reals from the government to assist with difficulties encountered by the novel coronavirus, based on IBM X-Force research.