Detected Trojan Virus Downloaded in the background while using BRAVE

While only having BRAVE downloaded for a total of 30 minutes, I was notified of a Trojan virus download directly to my BRAVE system cache files. I will throw in some information! Please contact me, BRAVE devs, so we can resolve the issue. But for the rest of the community, here is the information on the file downloaded.

The file C:\Users**********\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_000150=>(INFECTED_JS) is infected with JS:Trojan.JS.Agent.UJY and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean

Brave browser is not at fault here (or any browser, be it Firefox or Chrome).

This trojan/malware has nothing to do with Brave. It is likely that you (as a user) downloaded a sketchy application (.exe file) beforehand and ran it. It then must have attached itself to Brave to do whatever it was programmed to do (act as a keylogger, etc.).

Which version of Brave are you on? Go into Settings -> About and paste it here.

Brave is an open source browser and its code is free to check: https://github.com/brave/brave-browser. Also, whitehat hackers (good ones) continuously scan Brave code to find any vulnerabilities: https://hackerone.com/brave. Most of them are found out and solved by upstream Google’s Chromium team (same rendering engine which powers Chrome).

It may also be a false positive. Scan your entire system with Malwarebytes (premium mode is free for the first 7 days).

Found a Virus in Brave files - #3 by fmarier (reply from brave security engineer for a similar post)

I would first like to say I don’t believe BRAVE is a bad browser (considering the 2 weeks' worth of research I’ve done on it). Secondly, I had the browser opened for all of 10 minutes, brand new install. Haven’t had the chance to download anything (including .exe files). No bookmarks or any personalization done to it, and was still triggered by my antivirus. The file was located in the browser cache (probably downloaded site cache) from wherever. I want to say it's a possible fluke, but after diving into the JavaScript code, cross-referencing to known Trojan database files and details, it was a legitimate Trojan. I have seen some antivirus software flag some BRAVE temp files as viruses. I just find it a bit odd that I haven’t seen anything until adding Brave to my privacy toolkit. I'll throw some logs and stuff up so you can look, and whoever needs the reference can see them as well.

Current Version -
Version 1.41.100 Chromium: 103.0.5060.134 (Official Build) (64-bit)

System specs - Running on a Surface Book 3 15 inch with the i5.

Malwarebytes

-Log Details-
Scan Date: 7/27/22
Scan Time: 8:19 PM
Log File: b8e1392a-0dd8-11ed-8c87-00ff304d2364.json

-Software Information-
Version: 4.5.11.202
Components Version: 1.0.1716
Update Package Version: 1.0.57825
License: Trial

-System Information-
OS: Windows 11 (Build 22000.832)
CPU: x64
File System: NTFS
User: BELSURFACE3\bnb12

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 282963
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 5 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Anytime you visit a site, downloading is occurring, be it HTML, JavaScript, and so on.

Then with the JavaScript, typically this is executed by your browser. JS can be malicious. Example: https://threats.kaspersky.com/en/threat/trojan.js.agent/

So this JS file could have been picked up from just about anywhere you browsed within those 10 minutes.

I believe it. It's crazy how easy it is nowadays to get into information systems and gather intel.