With help from Google, impersonated Brave.com website pushes malware

Discussion in 'malware problems & news' started by ronjor, Jul 31, 2021.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    118,456
    Location:
    Texas
    Dan Goodin - 7/31/2021
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,373
    Location:
    The Netherlands
    Very clever attack, this could have fooled lots of people. But Google should really be screening this stuff, shame on them.
     
  3. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,580
    Location:
    U.S.A. (South)
    I don't get it @Rasheed187- All these such findings like @ronjor posted. and there are oddle many others. These, and others, (not just nuisances either), is bordering on the exact same frequency and level as what we was up against in Windows 98 when it was 32Bit and rather easy pickings for anyone to get infected or a ton of malware express delivered by just being hooked up "Live" to the internet.

    Am I overstating matters or is there a vast similarity that's literally overtaking it just like back on Windows 98. Be it browser techniques or what have you. Sheez.
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,898
    Location:
    Among the gum trees
    It looks like the IDN Safe extension is still useful.
     
  5. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,301
    Location:
    the Netherlands
    Which browsers need such extension?
    In Firefox one can set about:config network.IDN_show_punycode true to force Firefox to show Punycode when it is used.
     
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,282
    Location:
    Canada
    I don't know about anyone else in these forums, but I never, ever click on any of the Google Ad - links when I search for something.
     
    Last edited: Jul 31, 2021
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,898
    Location:
    Among the gum trees
    I didn't realise that but IDN Safe blocks the website but you can then whitelist or temporarily allow it.

    It works in Firefox and Chromium based browsers.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,898
    Location:
    Among the gum trees
    Me either.
     
  9. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,301
    Location:
    the Netherlands
    I would guess most of us use a content blocker that blocks such results.
     
  10. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,282
    Location:
    Canada
    Good point. I use uBlock and I never see those, but on my employer-provided COE device, for example, I do see them.
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,538
    Location:
    Outer space
    I don´t see them because of contect blockers, but when I do on other machines, I never click on fake Ad results but scroll down to the first real search results. I know people who click on the Ad results though.

    I have to disagree for this case. Yes in other use cases Bravė.com might not be noticed instead of Brave.com, however you would first have to click on the mckelveytees.com result, and that is a lot more noticeable. And the malicious exe file was inside an ISO, so more steps are needed to open it and it is more suspicious.
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,373
    Location:
    The Netherlands
    I do click on them, for the simple reason that they are often quite useful. I have no problem with these kind of ads, they are not annoying to me. Well, what is annoying is that uBlock sometimes block access to those links.
     
  13. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    3,282
    Location:
    Canada
    I find they typically result in malicious content.
     
  14. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,373
    Location:
    The Netherlands
    Not with me, they usually direct me to relevant webshops. However, it's unacceptable that Google isn't screening this stuff, because a few years back criminals did the same with a Dutch online bank named Knab, and people actually lost money. Apparently they didn't make use of 2FA, so they entered their credentials on a fake website which looked like the real Knab homepage, that came up via Google Ads.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.