Since the malware’s release, its developers have added many new features, such as encrypted communications with C2 servers and stealing browser history from Firefox and Chrome. When a user clicked on the Download Brave tab, malware known as SectopRat (aka 1xxbot, Asatafar, or ArechClient) got downloaded on their device instead of the browser.Īccording to cybersecurity firm G Data, which discovered the malware back in 2019, SectopRat could stream a user’s existing desktop and create another invisible desktop for the attackers to use. Image credit: Jonathan Sampson Fake Brave Website Delivering Malware Therefore, users of the fake website had difficulty distinguishing between the two sites as both appeared legitimate Brave sites.
The site had an accent over the letter ‘e,’ which was the only dissimilarity, while the rest of the domain was eerily similar to Brave’s original website. This domain used Punycode to denote brave browser as bravėcom. The threat actors tried to spread malware to visitors by registering a domain xn-brav-yvacom. Threat actors used Google Ads to buy top slots on Google search engine to advertise fake Brave browser websites which delivered malware as the browser’s download file.Īccording to one of the Brave browser’s developers Jonathan Sampson, a fake Brave browser website was featured at the top of Google search results after threat actors exploited Google ads to spread data-stealing malware.
0 kommentar(er)
