In the past few years, many have fallen out of love with the Google Chrome Web browser. It's a resource heavy browser, so much so that many have moved to rivals like Microsoft Edge and Brave. However, helped by Google ads, a fake version of the Brave browser has infected countless computers looking to leave Chrome behind.
Google ads push bad Brave
Reported by Ars Technica, a fake version of the Brave browser is currently making the rounds. Scammers are using the domain “xn--brav-yva[.]com” with punycode to disguise it as “bravė[.]com; the URL leads to a perfect replica of the real website. For many, the disguised domain is similar enough that it’s leading many to trust the fake website.
In order to push more users to the website, the scammers paid for Google ads. Google users who searched for browsers or Brave specifically were met with the scam website right at the top of the search.
In the Ars report, it’s revealed that the Google ads disguised the link as fake URLs. The report’s image shows a link to mckelveytees.com, a real website for clothing. Clicking on the link would cycle through multiple links before loading into the fake Brave website.
What malware is installed?
Those who followed the Google ads and downloaded the fake Brave were met with malware. The malicious software is most commonly known as ArechClient and SectopRat. This software is said to be “Profiling the System, Steal Browser History From Browsers like Chrome and Firefox.”
The same malware has since been found on other fake websites. Websites designed to look just like Telegram, Signal and more have all been discovered since finding the fake Brave site. These websites are hard for most users to detect which makes the malware very dangerous.
Thankfully, Google has now deleted the fake website’s Google ads, but it is a bad precedent. Hopefully, Google will be more careful in the future.