In Brazil, scammers see the coronavirus as a serious money-making opportunity

IBM has uncovered nearly 700 malicious websites related to COVID-19 in Brazil in recent months.
brazil coronavirus scams
A bus driver in Pernambuco, Brazil, wears a face mask with Brazil's flag. Crooks in Brazil are impersonating government apps used to sign up for financial relief and sending people a flurry of text and email messages asking them to hand over their data. (Getty Images)

Brazilian President Jair Bolsonaro’s critics say he hasn’t taken the impact of the coronavirus seriously. The same can’t be said for Brazil’s cybercriminals.

As deaths from the virus have surged past 66,000 in Brazil, scammers have set up new infrastructure to dupe people who are desperate for relief, and have set up bank accounts in their names. At a time when even more people in South America’s biggest country are glued to their phones or computers, Brazil’s already-flourishing cybercriminal economy has been busy.

“Scam operations have been highly effective in Brazil, from the first announcement of the government assistance program,” Jefferson Macedo, managing consultant on IBM’s X-Force security team, told CyberScoop.

IBM has uncovered nearly 700 malicious websites related to COVID-19, the disease caused by the virus, in recent months. The crooks are impersonating government apps used to sign up for financial relief and sending people a flurry of text and email messages asking them to hand over their data.


Bolsonaro, who was diagnosed with COVID-19 this week, has previously declined to wear a mask and dismissed the virus as akin to the flu. But Brazilian authorities are still distributing health equipment and economic aid in response to the virus, and crooks are exploiting people seeking that relief.

The data underscores Brazil’s longstanding struggles with cybercrime. In the last several years, the Brazilian financial sector has had to deal with multiple versions of malware designed to steal customers’ credentials. One of those hacking tools — known as the Boleto trojan — has reportedly caused hundreds of millions of dollars in losses.

“Cybercrime groups in Brazil are creative and highly motivated to find different ways to infiltrate people’s daily activities to make money,” said Macedo, who is based in São Paulo, Brazil’s largest city.

Embassy warns Americans in Brazil of scams

The IBM researchers found that scammers have used popular platforms like WhatsApp in Brazil to propagate malicious software. In some cases, Macedo said, the hackers are stealing contact lists from WhatsApp users and sending requests for money to recover from the virus. The crooks are even using promotional codes from TV shows and live music events to try to rip people off.


While Brazil is known to have a vibrant set of underground cybercriminal forums where hackers can swap techniques, those forums have been relatively quiet on the subject of COVID-19 scams, according to threat-intelligence firm Recorded Future.

Instead, many recent Brazilian scams have been out in the open, including the targeting of people’s personal data through phony Facebook pages and messages, according to researchers. In data prepared for CyberScoop, Recorded Future also found that Brazilian crooks were using the messaging platform Telegram to offer “coronavirus promotions,” or discounted rates for stolen credit card information.

Macedo said Brazilian authorities were trying to raise awareness about the scams, but more could be done. U.S. prosecutors are trying to help.

In March, there was a 124% increase in cyberattacks on mobile devices in Brazil, claimed Daniel Ackerman, a Department of Justice prosecutor based at the U.S. consulate in São Paulo. He advises Brazilian authorities on how to crack down on malicious hackers.

“Are you a U.S. citizen in Brazil?” Ackerman said in a YouTube video distributed by the U.S. embassy. “If so, do you realize that you could be a victim of cybercrime here just as easily as in the United States?”

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts