Cybercriminals Spoof Brave Browser Website to Trick Users into Downloading Malware – Response From Security Expert

Cybercriminals have impersonated the browser’s website in order to push malware to unsuspecting users, via the use of a TLS certificate that made the malicious website appear genuine. The attackers even took out ads on Google to drive unsuspecting users to the fake website. 

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Kevin Bocek
Kevin Bocek , VP Security Strategy & Threat Intelligence
InfoSec Expert
August 3, 2021 3:20 pm

<p><span lang=\"EN-US\">This is a very brazen and clever example of spoofing. How many of us would immediately be able to spot the difference between Bravė.com and Brave.com? The fact that the site was then promoted via Google lends even more legitimacy, making it even harder for users to spot the fraud. In this context, the use of a legitimate TLS machine identity is essential to the success of the campaign – without a valid machine identity, then if a user went to visit the site they would have a warning to say it was insecure and to steer clear. Not only does this lull users into a false sense of security and trick them into downloading malware, it tells their browser that the website is trustworthy and secure. The use of machine identities will have also helped the hackers to trick the Google ad team, allowing them to use them for distribution platform to reach a huge audience.</span></p>
<p><u></u><u></u><u></u><span lang=\"EN-US\">Brave.com isn’t the first website to be spoofed in this way; all manner of customer-facing websites, many of which spoof top retailers and banks, exist to catch people out. To prioritise user safety, businesses need the means to discover website domains that are likely to be maliciously targeting their customers. This calls for them to be able to detect malicious certificates by monitoring and analysing public certificate logs, helping them detect lookalike domains before they can be used to attack customers. It also calls for them to make use of other industry advances, such as anti-phishing services that blacklist dangerous websites. It’s only by recognising the danger early, and crippling malicious sites before they cause damage, that businesses can protect their customers from harm, and protect their brand in the process.</span></p>

Last edited 1 year ago by Kevin Bocek
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x