Malware page repeatedly asked to download a file


#1

I’m using Brave on a Mac laptop. I was reading some dubious political site. Shields were up, in Brave (orange lion icon). I clicked in the wrong place, on what was an advertisement. To my surprise, it was one of those “MICROSOFT SECURITY WARNING” malware scam sites.

The URL (it is now offline): http://167.99.56.226/ch/

Brave did its job well, preventing any damage from this malware site. The browser stayed in one place, preventing full screen maximization. It became sluggish, though, perhaps high CPU usage, and the page was trying to prevent me from closing it. The most effective thing the page did, though, was repeatedly try to force the download of a file.

Unfortunately, Brave’s file download box is modal. It kept asking me where I wanted to save the file. It made it difficult to use other browser tabs, because it kept popping up. When I hit Cancel, the malware webpage would immediately open another download request. I had a very short window of time, less than half a second, in which to frantically type Command-W to close the page. It eventually worked, and I could close the page.

No screenshots, unfortunately, because I was in such a hurry to close the page before it could do any more harm.

Suggestion: Rate limit how often the webpage is allowed to make requests that open modal dialog boxes, such as file download requests. If the user hits Cancel, disallow the page from popping another modal box up again, for a number of seconds, to give the user some time to kill a malware page that is repeatedly popping up these boxes.

Brave: 0.23.31
V8: 6.7.288.46
rev: 3148acef36dba0fce89108638bb27927c4937f90
Muon: 7.1.5
OS Release: 17.7.0
Update Channel: Release
OS Architecture: x64
OS Platform: macOS
Node.js: 7.9.0
Tor: 0.3.3.7 (git-035a35178c92da94)
Brave Sync: v1.4.2
libchromiumcontent: 67.0.3396.103

Thanks for reading this!

Josh
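
The suggestion in the post above, sketched as an added example that is not part of the original post and is not Brave's code: a per-tab gate that refuses new modal download prompts for a cooldown period after the user cancels one. The names `ModalPromptGate`, `cooldownMs`, `tabId` and `replayCancelLoop` are hypothetical, and the 5-second default is an assumed value.

```javascript
// Hypothetical per-tab gate for modal save dialogs (illustrative, not a Brave API).
class ModalPromptGate {
  constructor(cooldownMs = 5000, now = () => Date.now()) {
    this.cooldownMs = cooldownMs; // assumed default; the post only says "a number of seconds"
    this.now = now;               // injectable clock so the policy can be tested
    this.tabs = new Map();        // tabId -> { blockedUntil, promptOpen, suppressed }
  }

  _state(tabId) {
    if (!this.tabs.has(tabId)) {
      this.tabs.set(tabId, { blockedUntil: 0, promptOpen: false, suppressed: 0 });
    }
    return this.tabs.get(tabId);
  }

  // The page asks for a save dialog. Returns true if the dialog may be shown.
  requestPrompt(tabId) {
    const s = this._state(tabId);
    // Refuse while a dialog is already open or the tab is still in cooldown.
    if (s.promptOpen || this.now() < s.blockedUntil) {
      s.suppressed += 1;
      return false;
    }
    s.promptOpen = true;
    return true;
  }

  // The dialog closed. Only a Cancel starts the cooldown; a completed save does not.
  resolvePrompt(tabId, userCancelled) {
    const s = this._state(tabId);
    s.promptOpen = false;
    if (userCancelled) s.blockedUntil = this.now() + this.cooldownMs;
  }

  suppressedCount(tabId) { return this._state(tabId).suppressed; }
  closeTab(tabId) { this.tabs.delete(tabId); }
}

// Constructed trace: a page re-requests a download every intervalMs while
// the user cancels each dialog immediately. Returns how many dialogs appeared.
function replayCancelLoop(gate, clock, tabId, attempts, intervalMs) {
  let shown = 0;
  for (let i = 0; i < attempts; i++) {
    if (gate.requestPrompt(tabId)) {
      shown += 1;
      gate.resolvePrompt(tabId, true);
    }
    clock.t += intervalMs;
  }
  return shown;
}
```

Because the state is kept per tab, the cooldown never delays downloads the user starts in other tabs, and the suppressed count gives the browser a signal it could use to flag the page.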