And indeed, it feels like one should assume that a program that replaces page-originated requests for web resources with requests for different web resources would look an awful lot like malware to a naive heuristic based on the design of past malware.
Brave doesn't do that. Brave blocks ads and trackers. In some (half a dozen or so) cases, we might load an internal resource (known as a siteHack, for fixing broken experiences), but we don't substitute network requests.