TROJAN in Brave browser


this is what i found today while scanning my computer:

what do you have to say about it?



any admins here? i need your comments ! what is wrong with brave right now?



I checked for that location on my install (installed browser today) and see:


Maybe take the file it shows as infected and try it at Jotti - maybe false positive:

If 0 or only 1 or 2 show positive - probably false positive.

i don’t get what you’re trying to tell me… have you seen my screenshot? windows defender found a trojan in brave so it is NOT CLEAN on my computer. do you need anything more clear than a screenshot?!
i haven’t heard from the admins here yet!! are you not interested that i found a trojan in your browser??? still no comments??? have you checked it? will you bother to give your official statement? i want to know whether you confirm or deny the issue i reported. is it just a WD’s problem or is there something really wrong with the browser? currently brave uninstalled, waiting for your official statement.



I think it’s pretty clear what I am telling you.

A “fresh” Brave installation contains no virus or trojans. “It’s clean” -per MS antivirus.
As mentioned I JUST installed it. Then scanned it after seeing your post.

The file you reference is a cache file as the Path would indicate if you googled the location/path.

It ‘comes’ from Internet. It’s where it caches files as you browse. Those files in the “cache” WERE NOT installed by Brave. You put them there, as it were.



Looks like there’s a file in your cache which is setting off Windows Defender. It’s probably related to a site you visited. I’d need a copy of that file to investigate further.



In response to the @ada111 and @toml

I would like to add a possible thing about the issue:
It’s likely that there is some type of extension installed that the antivirus thinks is a trojan (yeap, had tons of those on my gf’s Chrome and Chromium (both Win and *buntus)).

The probable solution to this is to either:

  1. Remove ALL extensions from the browser, then restart it, and check if the a/v goes blabbering about it or…
  2. Send the files for analysis to the a/v vendor

I’m not sure if it’s possible to do the latter in Defender (jeez, they know how to make it harder), but I’m quite sure that this may be the solution to the issue.

FYI Some extensions use tracking (like fetching your FB data to e.g. make reposts) or forcefully make changes to website data (like stylers that override css to give sites a more custom look) – these may be considered as viruses by some a/v’s. So try giving it a shot.

Hope this helps!



That’s very helpful, but the screenshot the OP posted clearly shows the file flagged by Defender is in the cache directory, and so is almost certainly on the OP’s computer as a result of browsing to a site that put that file on OP’s machine, unless some extensions also put files in the cache directory. Either way, though, it’s not a part of Brave’s code.
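The distinction drawn in the replies above (installed browser code vs. cached web content vs. extension files) can be checked from the detection path alone. The following is an added example, not code from the thread or from Brave; the directory names are the assumed default Brave layout on Windows, and the `file:_` / `containerfile:_` prefixes and sample paths are constructed assumptions, since the original screenshot path is not reproduced here.

```python
from pathlib import PureWindowsPath

# Assumed default Brave directory names on Windows; the thread's own path
# was only in a screenshot, so none of these come from the page.
CACHE_DIRS = {"cache", "code cache", "gpucache", "service worker"}
PREFIXES = ("containerfile:_", "file:_")  # assumed Defender resource prefixes


def normalize(resource: str) -> PureWindowsPath:
    """Strip a Defender-style scheme prefix and any '->member' suffix."""
    for prefix in PREFIXES:
        if resource.lower().startswith(prefix):
            resource = resource[len(prefix):]
            break
    return PureWindowsPath(resource.split("->", 1)[0].strip())


def classify(resource: str) -> str:
    """Return 'install', 'cache', 'extension', 'other-brave' or 'not-brave'."""
    parts = [p.lower() for p in normalize(resource).parts]
    try:
        i = parts.index("bravesoftware")
    except ValueError:
        return "not-brave"
    tail = parts[i + 1:]  # e.g. ['brave-browser', 'user data', 'default', 'cache', ...]
    if len(tail) >= 2 and tail[1] == "application":
        return "install"  # shipped binaries: verify signature or re-download
    if len(tail) >= 4 and tail[1] == "user data":
        # tail[2] is the profile folder (Default, Profile 1, ...)
        if tail[3] in CACHE_DIRS:
            return "cache"  # content fetched from visited sites
        if tail[3] == "extensions":
            return "extension"  # user-installed add-on code
    return "other-brave"


# Constructed sample detections (user name and file names are made up).
BASE = r"C:\Users\alice\AppData\Local\BraveSoftware\Brave-Browser\User Data"
SAMPLES = [
    "file:_" + BASE + r"\Default\Cache\Cache_Data\f_0001a2",
    "containerfile:_" + BASE + r"\Profile 1\Code Cache\js\0a1b_0->(inner)",
    "file:_" + BASE + r"\Default\Extensions\EXAMPLEEXTENSIONID\1.0_0\content.js",
    r"file:_C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe",
    r"C:\Users\alice\Downloads\setup.exe",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):12} {normalize(s)}")
```

A `cache` or `extension` result points at browsing activity or an add-on; only an `install` result concerns files shipped with the browser itself.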



We’re looking into this now but I can nearly guarantee you the file is directly related to tor or tor functionality.

This has been the case every time Brave binaries are downloaded/installed. I’ll be sure to confirm this (or confirm that it’s not this) when I have more information.



I had a similar event happen in Windows Security Essentials: some trojan inside of the Brave Windows program files. I reinstalled and cleared etc., but like OP it was already a fresh install.



any news from brave support???



Sorry for the delay in response.
@ada111, as @toml mentioned, something in your cache is getting flagged. This is strange because if it’s in cache, it’s likely related to your browsing data - that is, your activity online [may have] added this flagged file rather than your AV flagging something packaged with Brave itself.

IIRC, you’ve been using Brave for a bit now and I’m assuming this is the first/only time you’ve seen something flagged in cache, correct? This would track with the above theory, otherwise this cache file would have been flagged previously as well.

Would you be okay sharing that particular file with our Devs so we can take a look and try and diagnose what the underlying issue is?



Agreed… it is in the browser cache section, where websites drop things on your system… In other words, one of the websites dropped a virus on the system.



Exactly… or even if it didn’t drop an active file on the system… The code for the virus showed up in one of the Brave data files for that page



I’d upload my stuff or logs. I think it’s since been taken care of, but A. I want to make sure it is, B. make sure what happened is a cache-related attack, C. and the fallout of the malicious threat etc. etc. Please help…



Could said cache attack or drive-by malware affect Chrome also? Would it sync to mobile or vice versa and/or live in the synced data? How can I make sure it’s not stuck in my cache or being synced etc.?


