CYBERSIXT Signal Over Noise
securityonline.info 6/24/2026, 8:13:39 AM · external

SmartRAT ClickFix targets Brazilian banks with AI spoofed domains

SmartRAT ClickFix targets Brazilian banks with AI spoofed domains
Developing story campaign 13 articles tracked
SmartRAT ClickFix targets Brazilian banks with AI spoofed domains
CyberSIXT Evidence Panel
Primary Source zscaler.com
CVE Intel
CVE-2025-67038 - NVD CISA KEV due 2026-06-26 9.8 CRITICAL Patch Unknown
CVE-2026-34910 - NVD CISA KEV due 2026-06-26 10 CRITICAL Patch Unknown
CVE-2026-34909 - NVD CISA KEV due 2026-06-26 10 CRITICAL Patch Unknown
CVE-2026-34908 - NVD CISA KEV due 2026-06-26 10 CRITICAL Patch Unknown
CISA KEV Listed in KEV
Patch Patch Status Unknown

THE page highlights the detection of four critical vulnerabilities (CVE-2025-67038, CVE-2026-34910, CVE-2026-34909, and CVE-2026-34908) and details a SmartRAT ClickFix malware campaign operated by suspected Brazilian cybercriminals. The malware targets customers of major Brazilian banks, utilizing AI-generated typosquatting domains to impersonate legitimate banking websites. Key infection methods include deploying malicious commands through fake error messages, which lead to remote access and data exfiltration.

The malware establishes persistence and communicates with a command-and-control server while monitoring for bank-related activity to capture user credentials. Defense strategies involve blocking typosquatting domains, monitoring for unusual activity, and educating users against phishing tactics.

View Primary Source Via securityonline.info

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline