This sneaky tactic was used to push malware and trick unsuspecting users
Wednesday, August 4, 2021 by Tatiora | Discussion: Personal Computing
The Internet can be a tricky place to navigate.
I talked a little bit about keeping your PC secure in a blog last week, but to be honest I barely scratched the surface when talking about all the different ways hackers and malware are clamoring to get to your personal information. ArsTechnica reported this week that some hackers impersonated the site Brave.com and pushed malware to unsuspecting users. Their technique was so sneaky that the faux site was capable of fooling even the most security-savvy users.
Brave, a privacy-focused web browser, has become a popular alternative for plenty of people looking to surf the 'net a little more safely. Cybercriminals registered the domain xn--brav-yva[.]com, which uses punycode to represent a lookalike of brave(dot)com. To an undiscerning eye the phony domain appears almost identical to Brave's own; the only visible difference is a tiny little accent placed over the 'e'. Users who visited the fake site would have a difficult time differentiating between what's real and fake since the cybercriminals were adept at mimicking the look and feel of Brave's legitimate website.
When a user clicked the "download brave" button on the fake site, malware known as both ArechClient and SectopRat would download instead of the browser.
The cybercriminals drove traffic to their fake site by purchasing Google ads that were then shown when users would search for browsers. While the ads themselves didn't look dangerous, they came from a domain other than Brave's and would send users through several different domains before they eventually landed on the imposter site.
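To see what the punycode name hides, here is an added example (not from the original post, Ars Technica, or Brave) that decodes the `xn--` label and flags a domain whose accent-stripped form matches a name you care about. The `PROTECTED` watchlist and all function names are assumptions made for illustration.

```python
import unicodedata

# Assumption: a watchlist of legitimate domains to protect (hypothetical data).
PROTECTED = {"brave.com"}

def refang(domain: str) -> str:
    """Undo the [.] / (dot) defanging used in write-ups and lowercase the name."""
    return domain.replace("[.]", ".").replace("(dot)", ".").lower()

def to_unicode(domain: str) -> str:
    """Decode every xn-- label with the punycode codec; other labels pass through."""
    labels = []
    for label in domain.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw ASCII form
        labels.append(label)
    return ".".join(labels)

def fold_accents(domain: str) -> str:
    """Decompose accented letters and drop the combining marks."""
    decomposed = unicodedata.normalize("NFKD", domain)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def check(domain: str) -> dict:
    """Report the ASCII form, what a browser may display, and any protected
    domain the name imitates (None if it imitates nothing on the watchlist)."""
    ascii_form = refang(domain)
    displayed = to_unicode(ascii_form)
    folded = fold_accents(displayed)
    imitates = folded if folded in PROTECTED and ascii_form not in PROTECTED else None
    return {"ascii": ascii_form, "displayed": displayed, "imitates": imitates}

if __name__ == "__main__":
    # The domain from the article, in its defanged form.
    print(check("xn--brav-yva[.]com"))
    # The genuine domain is not flagged.
    print(check("brave.com"))
```

Accent folding only catches lookalikes built from accented letters, as in this case; lookalikes that swap in letters from another alphabet need a confusables table instead.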
A quote from the ArsTechnica article says, "The malware detected goes under several names, including ArechClient and SectopRat. A 2019 analysis from security firm G Data found that it was a remote access trojan that was capable of streaming a user’s current desktop or creating a second invisible desktop that attackers could use to browse the Internet.
In a follow-on analysis published in February, G Data said the malware had been updated to add new features and capabilities, including encrypted communications with attacker-controlled command and control servers. A separate analysis found it had “capabilities like connecting to C2 Server, Profiling the System, Steal Browser History From Browsers like Chrome and Firefox.”"
Unfortunately, with threats like this, there isn't really an automatic way to protect yourself from them. It just takes being eagle-eyed and carefully assessing every domain you visit. It stinks that there are plenty of jerks out there who are looking to mess up your computer or steal your personal information, thus making these steps necessary, but that's just the age of the Internet and we're going to have to get used to it.
What are some of your tricks for browsing online safely? Have you had any experience having to deal with malware? Share with us!