Phishing Attempt? Fake Brave Homepage?

Nope, checked their address when it popped up and was sceptical because of a) the weird crash and b) it not being just brave.com - not to mention I was already using Brave to open the page so clearly I didn’t need to install it again.
Have switched to Firefox for the moment as I’m still quite skeptical about the whole situation. I mean, maybe Brave just crashed and applied a legit update as it restarted, but the whole being locked out of my wallet and unexpected question to create an account for Brave (?!) before being able to use it appears very suspicious to me.
As for my suspicion that somehow the auto-update function had been abused, note that I am not versed in programming or software maintenance in general so that’s really just a wild guess by a non-professional. More guessing: IF the autoupdater was abused, maybe that could be done with the spoofed certificates AsAboveSoBelow mentioned?

It’s super weird – very glad that you reported to us. It might be nothing. If anything, bravebrowsers.com may have been putting out a Brave installer that had been tampered with. Our security team will definitely take a look.

One last update – this publisher has now been totally banned from our system. There’s not much we can do in terms of taking the offending site down (we’ll certainly try though!)

3 Likes

@Asad I doubt it considering how many red flags that site gave off to VirusTotal about it being loaded with scripts. I saw a video the other day about certain sites that inject scripts that are used as a trojan dropper without downloading anything.

Again, I’m just a hobbyist malware analyst and dev, so I’m not a certified expert. But I know sketchy when I see it.

A final note is that this tampered browser specifically looks for debuggers active, so it has the ability to sense if I’m trying to pick it apart with IDA or not. THAT part weirds me out. Maybe contact WordPress with a DMCA notice considering it’s their webhosting and Brave Browser is a company, it can in theory be taken down by legality on WordPress’s end. That’s not only illegal due to brand copywriting, but just immoral that some hackers may be compromising Brave’s browser in itself.

If there’s any way I can assist either of you further, do not hesitate to (at) me.

-AASB

1 Like

Yup, sec team is taking a look right now. We’re with ya on the sketchiness. Thanks for the help!

2 Likes
