PUA.OSX.CoinMiner.1.r detection in the Brave Browse for Mac


#1

Hallo Community,
I’ve read about the potential of Brave Browser so I decided to give it a try.

Anyway my WebRoot Secure Anywhere for Mac found a malicious content in it.

Can I have your kind update?

x

Thanks to all


Brave making antimalware service executable hogging all the cpu usage
#2

cc @kamil and @clifton on this.


#3

Are you sure you downloaded brave from brave.com? The kind of malware we are dealing here PUA.OSX.CoinMiner.1.r is a cryptocurrency generator/miner. Malicious actors use these to infect other people’s machine & exploit their resources for profit. The kind of threat you’ve got shall use your resources (CPU & GPU) upto 90% which is not good for a healthy computer.

If you’ve downloaded the brave from https://www.brave.com/, I’m afraid to say that devs @kamil @LaurenWags @sriram @clifton have to look up for this issue asap since another user @BeepBoop123 also recently got a detection of cryptominer malware on Mac this week.

Chances of this being a false positive could be minimal since not only Webroot, but TrendMicro detected a cryptominer. both of these are good security suites with minor chances of producing false positives, especially TrendMicro

Topic can be looked up here :


#4

Dear bob-vagene,

In order to double check I re/download from brave.com and I had again the same result. the installation file seams infected with the file mentioned.


#5

Was it FP guys or did u got infected ? #Brave


#6

@GeoSquid did u find anything new about it ? FP ? AV results ?


#7

We’re aware of the problem and have https://github.com/brave/browser-laptop/issues/13687 opened. There’s no malicious content within Brave. Here’s a snippet from the above bug from jonathansampson who’s been in touch with the Webroot team:

I was pinged today by a member of the Webroot team regarding this; from what we understand, the AV is alarmed at the presence of certain strings within the Brave application. One such string was “nicehash.com”, which exists in a list of URLs as part of our ledger/publisher code-base.


Brave making antimalware service executable hogging all the cpu usage
#8

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.