The Brave website impersonator successfully made it on top of Google search results after using the ads platform of the tech titan. The fake site spreads malware to its users.
The bad actors behind the fake webpage of the Brave browser, which is dubbed as another potential rival of Chrome, found a clever way to expand their victims by exploiting the Google search results.
As per GizChina, Google search is the go-to platform of the great majority whenever they find themselves looking for reputable information online, such as details about a person, specifications and price of a product, and even new-found apps like Brave.
However, this time around, users of the popular search engine, who trust the platform's credibility, were caught in a scam.
Brave Website Impersonator and Google Ads
Arstechnica spotted that a fake Brave.com is being pushed further with the help of Google ads, suggesting that even the tech-savvy users of the platform are likely to fall for it.
The outlet further exposed the clever tactics of the scammers, revealing that the bad actors registered a domain that displays "bravè.com" via the address bar of a browser. The scammers used a code called Punycode to mask the registered domain "xn--brav-yva[.]com" to be similar to the real Brave website.
As such, even cautious internet users could possibly end up clicking the clever replica of the official website.
It is worth noting that the Brave website impersonator is on top of the real page of the browser in the search results as that is how Google ads work.
However, the displayed domain on Google is mckelveytees.com, which is another site that focuses on retailing apparel.
Brave Website Impersonator with Malware
The fake website is home to malware that has the power to steal sensitive data and control a browser.
Users opening the Brave impersonator will activate the virus upon clicking the orange "Download Brave" button on the center of the page. Then, instead of getting the installer for the browser, users will instead enable the bad actors to steal their data.
The web developer of Brave, Jonathan Sampson, said that the orange button downloads an ISO image with 303MB size that carries a single executable to plant the malware.
The virus inside the Brave replica is an old malware that goes by multiple names, such as SectopRat and ArechClient.
A German security software company, G Data, analyzed the notorious malware in 2019, saying that it found out that the trojan can access the desktop of a victim.
In February, the security firm made a follow-up research, adding that the virus has been updated with additional features, like stealing Chrome and Firefox browser history and profiling the system.
Elsewhere, hackers used Discord to spread over 14,000 malware URLs.
Related Article : TrickBot Malware Comes with New 'tvncDll' Module That Will Infect Systems, Install More Virus to the Machines
This article is owned by Tech Times
Written by Teejay Boris