Google Ads directing to Fake Brave Browser

Disguised ads on Google cleverly misled the downloaders of the Brave browser. They were directed to a website that intended to infect their system with malware. One of the major problems was the smart design of the technique of masking the URL, where the domain is similar to Brave’s but including an accent on ‘’E’.

In order to divert traffic to the desired website, the threat actors got hold of ads on Google. These were displayed whenever surfers searched for browsers on the search engine. As the ads seemed quite benign, they were capable of fooling even the most vigilant users.

Brave is developed by Brave Software, Inc. based on the Chromium web browser and offers free services to its users. After opting for the installation of the browser, Users landed on the malicious site and unknowingly downloaded an ISO file. Where the file installed a copy of the browser, it also installed the ArechClient Malware. 

ArechClient, also known as SectopRAT, steals data from browsers and crypto-wallets, as stated by Security Researcher Bart Blaze.   It was analyzed that it had anti-VM and anti-emulator detection capabilities. This prevented security solution experts from knowing about its malicious abilities. Moreover, a 2019 report claims that it is capable of live streaming the attached machine to the hackers, making it more risky for the users.

In pursuit to minimize the extent of damage, it is highly recommended for users who have accidentally installed this malware to reset passwords of their web accounts. They are also advised to transfer their cryptocurrency funds to new addresses. To stop the attack, Google now claims to have removed the ads after the search engine giant was notified by Brave.

The thing that is most daunting about these attacks is the difficulty in detecting them. There are no defined means to prevent these actions, apart from paying a little more attention to URL.