Today I got hacked while attempting to download the Brave browser. I clicked on the first link and installed the software, but the icon after installing wasn’t the Brave icon; instead it looked like another installation icon. Immediately suspicious, I opened Chrome to check, and it was actually the braves-apps dot org website that I had downloaded from. I was extremely confused about how I could be so dumb as to click on such a website when I know the official website is brave dot com. So I closed Chrome, reopened it, and typed Brave download, and I looked and looked to try to find the result I had clicked on, but I was not able to find it anywhere. I immediately downloaded Malwarebytes and it found only 6 trojans. The problem continues, as it constantly blocked an IP address which tries to use MSBuild.exe. In app history there’s always Brave (installation icon) and I had no way of disabling it; it was not in Windows startup, yet it autolaunches, and neither Malwarebytes nor Windows Defender seems to detect it, so I was forced to do a fresh Windows install, even if it perhaps already did some privacy damage.
I went to my main computer and tried to replicate my actions. I went to Google Chrome and typed Brave download; the first link is a sponsored link and it was “www dot brave dot com”. That’s where I realized that “www” might be a completely different site, and indeed it was: as soon as I clicked, it redirected me to braves-apps, which looks almost identical to the original braves dot com. On the next attempt I tried clicking on the sponsored link and it redirects me to the original website, so I’m assuming they use some sort of caching to store data on your PC and check if you’ve already entered their website once. If you haven’t, they will direct you to their phishing website; if you have already been to their website, they will redirect you to the official brave dot com website, thus making them almost impossible to catch. The ad was run from Estonia. I will add a screen recording of the first attempt; other attempts simply redirect me to the original website. I’m surprised I got tricked; you can never be cautious enough, apparently.