GoPix: The Brazilian Trojan Stealing Your Money Invisibly
Kaspersky issued an alert in March 2026 about the evolution of GoPix, a Brazilian banking trojan active since December 2022. The new version is significantly more dangerous: beyond redirecting corporate Pix transactions, it now manipulates bank payment slips (boletos) and diverts cryptocurrency, all without leaving visible traces.
According to Fabio Assolini, director of Kaspersky's Global Research and Analysis Team for Latin America and Europe, GoPix represents a new generation of financial malware combining advanced evasion techniques with sophisticated social engineering.
How GoPix Infects Your Computer
The attack starts with malicious paid ads on Google disguised as legitimate services like WhatsApp, Chrome, or Correios (Brazilian postal service). The criminal's website first analyzes visitors to verify they're potential targets — Brazilian bank customers, crypto users, or government/enterprise employees — before offering the infected installer.
Three Simultaneous Attack Techniques
Clipboard monitoring: GoPix silently replaces Pix keys, bank slip codes, and crypto wallet addresses when copied and pasted.
Banking traffic interception: Using proxy auto-config (PAC) files that point to a local server, GoPix intercepts all browsing to banking websites and alters information in real time.
Fake digital certificate: The most sophisticated technique injects a fake certificate directly into browser memory, making it virtually invisible to conventional security tools. This lets the trojan intercept credentials and transaction amounts.
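For the PAC-file technique above, a defender can check whether a machine's configured proxy auto-config sends traffic to a listener on the same host. The following is an added example, not code from Kaspersky's analysis or from the original page; it assumes the PAC location and script text have already been read from the system's proxy settings, and all hostnames in the sample are constructed.

```python
import ipaddress
import re
from urllib.parse import urlparse

# PAC return values look like "PROXY host:port; DIRECT"; capture each proxy hop.
PROXY_RE = re.compile(r"\b(PROXY|HTTPS|SOCKS[45]?)\s+(\[[0-9a-fA-F:]+\]|[\w.-]+):(\d{1,5})")


def is_loopback(host: str) -> bool:
    """True for localhost names and any 127.0.0.0/8 or ::1 literal."""
    host = host.strip("[]").rstrip(".").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # ordinary hostname; resolving it is out of scope here


def pac_source_is_local(pac_url: str) -> bool:
    """Flag a configured PAC location served from disk or from this machine."""
    parsed = urlparse(pac_url)
    if parsed.scheme.lower() == "file":
        return True
    return is_loopback(parsed.hostname or "")


def loopback_proxies(pac_text: str) -> list[tuple[str, str, int]]:
    """Return every proxy directive in a PAC script that targets loopback."""
    hits = []
    for kind, host, port in PROXY_RE.findall(pac_text):
        if is_loopback(host):
            hits.append((kind.upper(), host.strip("[]"), int(port)))
    return hits


# Constructed sample: a PAC script that sends one site through a local listener.
SAMPLE_PAC = """
function FindProxyForURL(url, host) {
    if (shExpMatch(host, "*.bank.example")) return "PROXY 127.0.0.1:8080";
    if (host == "intranet.example") return "PROXY proxy.corp.example:3128; DIRECT";
    return "DIRECT";
}
"""

if __name__ == "__main__":
    print(pac_source_is_local("http://localhost:8080/proxy.pac"))
    print(loopback_proxies(SAMPLE_PAC))
```

A hit is a triage lead rather than a verdict, since some legitimate local tools also run loopback proxies; the next step is to identify which process owns the listening port.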
Why GoPix Is So Hard to Detect
Command and control servers have extremely short lifespans. For Pix and bank slips, GoPix performs transaction monitoring rather than visible data substitution — the user sees the real bank site with valid security indicators while fraud happens behind the scenes. Criminal-controlled wallets have received over R$ 100,000 in crypto transactions.
How to Protect Yourself
- Be suspicious of paid search ads — type URLs directly
- Download software only from official sites
- Verify recipient details before confirming any transaction
- Use updated, reliable antivirus software
- Keep OS and browsers updated
- For crypto transactions, use hardware wallets (Ledger, Trezor)
