Malware Found in Cache Storage Directory on Mac... How to Prevent?

Description of the issue:
Bitdefender finds malware in the Brave directories below. How would one acquire this type of malware and is this directory one of the potential places one would find such malware? I’ve never found malware in 15 years of using a Mac, so curious as I’m careful about all the obvious things like clicking bad links, downloading sketchy apps, etc.

Directory: /Users/MYDIRECTORY/Library/Application Support/BraveSoftware/Brave-Browser/Default/Service Worker/CacheStorage

Operating System and Brave Version (See the About Brave page in the main menu):

Release Notes V1.35.100 (Feb 2, 2022)

MacOS 12.2

Additional Information:

Very interested in the answer to this one. Looks like I’m getting the same thing on my Mac. I’m using VIPRE virus scan software. Every time it runs it is finding Trojan.GenericKD.* files present in the cache.

@tracedef , @mdavidson239 ,

Using a Mac Terminal.app window, you might cd [change directory] to

/Users/MYDIRECTORY/Library/Application Support/BraveSoftware/Brave-Browser/Default/Service Worker/

and run at your command line prompt: ls -ale

For “CacheStorage” the result should be something like:

drwx------@ 2 mydirectory staff 68 Feb 9 2020 CacheStorage

In other words, all the permissions are those of the user (rwx [means Read Write Execute] < is OK), not of a group (- - - < is OK), nor everybody (- - - < is OK).

But also pay attention to the date info for “CacheStorage”

You could also do a Get Info on the “CacheStorage” folder. User “mydirectory” should have Read and Write privileges; and “everybody” should have “No Access” privilege.

I would expect the commonly-used caches for Brave Browser, to be in sub-directories of:

/Users/mydirectory/Library/Caches/BraveSoftware/Brave-Browser/Default

Particularly here:

/Users/mydirectory/Library/Caches/BraveSoftware/Brave-Browser/Default/Cache/
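
The permission check described in the reply above, written as a shell function. This is an added example, not part of the original posts; the function name `check_private_dir` and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Checks that DIR is a real directory,
# owned by the current user, with mode drwx------ as described in the reply.
# Returns 0 if all checks pass, 1 if any fails, 2 if DIR does not exist.
check_private_dir() {
    dir=$1
    if [ ! -e "$dir" ] && [ ! -L "$dir" ]; then
        echo "missing: $dir" >&2
        return 2
    fi

    # -n prints the numeric owner id, so the comparison does not depend on
    # how user names are resolved. Field 1 is the mode, field 3 the owner.
    listing=$(ls -ldn "$dir")
    # macOS may append "@" (extended attributes) or "+" (ACL) to the mode
    # string, so compare only its first 10 characters.
    mode=$(printf '%s\n' "$listing" | awk '{print substr($1, 1, 10)}')
    marker=$(printf '%s\n' "$listing" | awk '{print substr($1, 11, 1)}')
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    rc=0

    if [ "$mode" != "drwx------" ]; then
        echo "WARN mode is $mode, expected drwx------"
        rc=1
    fi
    if [ "$owner" != "$(id -u)" ]; then
        echo "WARN owner uid is $owner, expected $(id -u)"
        rc=1
    fi
    # An ACL can grant access that the mode string does not show.
    if [ "$marker" = "+" ]; then
        echo "NOTE ACL present; on macOS list it with: ls -lde \"$dir\""
    fi

    # Full listing, including the date column the reply says to look at.
    echo "INFO $(ls -ld "$dir")"
    return $rc
}

# Path from the thread; MYDIRECTORY is the poster's placeholder.
# check_private_dir "/Users/MYDIRECTORY/Library/Application Support/BraveSoftware/Brave-Browser/Default/Service Worker/CacheStorage"
```
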

Appreciate the feedback but I’m just a layperson, that’s above my pay grade. I just deleted the files.
