PUA.OSX.CoinMiner.1.r detection in the Brave Browse for Mac


Hallo Community,
I’ve read about the potential of Brave Browser so I decided to give it a try.

Anyway my WebRoot Secure Anywhere for Mac found a malicious content in it.

Can I have your kind update?


Thanks to all

Brave making antimalware service executable hogging all the cpu usage

cc @kamil and @clifton on this.


Are you sure you downloaded brave from brave.com? The kind of malware we are dealing here PUA.OSX.CoinMiner.1.r is a cryptocurrency generator/miner. Malicious actors use these to infect other people’s machine & exploit their resources for profit. The kind of threat you’ve got shall use your resources (CPU & GPU) upto 90% which is not good for a healthy computer.

If you’ve downloaded the brave from https://www.brave.com/, I’m afraid to say that devs @kamil @LaurenWags @sriram @clifton have to look up for this issue asap since another user @BeepBoop123 also recently got a detection of cryptominer malware on Mac this week.

Chances of this being a false positive could be minimal since not only Webroot, but TrendMicro detected a cryptominer. both of these are good security suites with minor chances of producing false positives, especially TrendMicro

Topic can be looked up here :


Dear bob-vagene,

In order to double check I re/download from brave.com and I had again the same result. the installation file seams infected with the file mentioned.


Was it FP guys or did u got infected ? #Brave


@GeoSquid did u find anything new about it ? FP ? AV results ?


We’re aware of the problem and have https://github.com/brave/browser-laptop/issues/13687 opened. There’s no malicious content within Brave. Here’s a snippet from the above bug from jonathansampson who’s been in touch with the Webroot team:

I was pinged today by a member of the Webroot team regarding this; from what we understand, the AV is alarmed at the presence of certain strings within the Brave application. One such string was “nicehash.com”, which exists in a list of URLs as part of our ledger/publisher code-base.

Brave making antimalware service executable hogging all the cpu usage
closed #8

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.