Virus triggered by Ad Click

I received the following alert from my antivirus software after clicking on an ad sent to me at 11:58 AM EST:

"An infected file attempted to run on your device.

Threat name: JS:Trojan.Cryxos.2870

Path: /Users/sengravalle/Library/Caches/BraveSoftware/Brave-Browser/Profile 4/Cache/b72c0372b38e2f10_0=>(REMOVED_NULLS)=>(INFECTED_JS)

We deleted the file to prevent malicious commands from being executed on your device."


Description of the issue:
JS:Trojan.Cryxos.2870 triggered from Brave Rewards ad click on Mac OS.

How can this issue be reproduced?

  1. Click similar ads.
  2. Received a second similar alert on another Brave profile as well

Expected result:
No Trojans from an ad click

Brave Version( check About Brave):
Version 1.13.82 Chromium: 85.0.4183.83 (Official Build) (64-bit)
Additional Information:

that interesting i would like to see the answer thanks for sharing that

Can you tell us which ad you clicked, so we can check its target URL? You should be able to see the history of ads displayed within brave://rewards on your machine; click the 7-Day Ads History link at the bottom-right of the Ads component.

From a cursory bit of reading, it sounds like you may have encountered a malicious script which directs you to a page suggesting you have a virus or some other problem with your device, and requests that you call “Microsoft” or another company to resolve the issue.

The folks over at f-secure have more information on this class of Trojan. If we can determine which link you clicked, we should be able to identify which page (belonging to an advertiser) may be infected. These types of scripts are commonly encountered when a domain or URL is typed incorrectly. Either way, I hope we can help shed some light on this quickly, and see to it that everything is okay.

Thank you!

2 Likes