Brave is one of the browsers that has attracted users the most, outside the regular circle of standard suggestions. This proposal is based on Chromium, but it removes all the extensions that Google puts in its proposal, so it is more efficient.
With fame, Brave has become an interesting asset and a very important object for hackers. Thus, it is not uncommon for a recent campaign to be discovered and actually dealt with, which prompted users to install malware, thinking that this browser was installed.
This new discovered campaign uses some elements already known to everyone, yet it is still effective and easy to use. It combines some successful formulas that have worked and misled users in the past.
The access method, usually the hardest part, has an extremely innocent and effective help. We're talking about the Google Ads system, which was broadcasting ads allowing users to access a site where all the Brave stuff has been copied.
Upon accessing the site, users were directed to download an executable file, stuffed Malware deceives the user. The website's private domain used a very conservative change that misled users: BravÄ—[.]com (xn - brav-yva[.]With)
The addition of (false) trust conveyed by this Brave site are all the elements that the Internet now imposes. We are talking about the certificate and HTTPS connections, which in this case were present and again managed to deceive visitors.
As for the installed malware (ArechClient or SectopRat), it created an encrypted communication channel and allowed to take control of the computer remotely. From that moment on, the user is detected and their data can be stolen, as well as can easily attack other devices.
This attack has been successful using some basic methods, known and simple to detect. On a simple basis, Google Ads, which when a browser search was conducted, indicated the similarity of this site in everything, even the address itself.