UC Browser for Android, Desktop Exposes 500+ Million Users to MiTM Attacks

LASER_oneXM

The extremely popular UC Browser and UC Browser Mini Android applications with a total of over 600 million installs expose their users to MiTM attacks by downloading and installing extra modules from their own servers using unprotected channels and bypassing Google Play's servers altogether.

According to a Google support document regarding Google Play "Privacy, Security, and Deception", Android apps "distributed via Google Play may not modify, replace, or update itself using any method other than Google Play's update mechanism. Likewise, an app may not download executable code (e.g. dex, JAR, .so files) from a source other than Google Play."

"Anyone who has installed this software may be in danger. Doctor Web has detected its hidden ability to download auxiliary components from the Internet," as detailed in Doctor Web's analysis. "The browser receives commands from the command and control server and downloads new libraries and modules, which add new features and can be used to update the software."
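As an added example (not part of the original post or of Doctor Web's analysis), a defender could look for the behaviour described above in web-proxy logs: executable code (dex, JAR, .so) fetched over unencrypted HTTP. The log format, host names and sample lines are constructed, and including .apk in the watch list is an assumption.

```python
import re
from urllib.parse import urlsplit

# Executable code types named in the quoted Google Play policy, plus .apk (assumption).
EXEC_EXT = (".dex", ".jar", ".so", ".apk")
EXEC_MIME = {"application/vnd.android.package-archive", "application/java-archive"}

# Constructed log format: "<client> <method> <url> <status> <content-type>"
LINE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\S+)$")

# Constructed sample lines, not taken from any real capture.
SAMPLE_LOG = """\
10.0.0.5 GET http://cdn.example.test/modules/libpdf.so 200 application/octet-stream
10.0.0.5 GET https://cdn.example.test/modules/libpdf.so 200 application/octet-stream
10.0.0.7 GET http://cdn.example.test/img/logo.png 200 image/png
10.0.0.9 GET http://updates.example.test/get?id=42 200 application/java-archive
10.0.0.9 GET http://updates.example.test/plugin.DEX?v=3 404 text/html
10.0.0.9 CONNECT play.example.test:443 200 -
"""

def find_cleartext_code_downloads(log_text):
    """Return (client, url) for successful plain-HTTP fetches of executable code."""
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the constructed format
        client, method, url, status, ctype = m.groups()
        if method != "GET" or not status.startswith("2"):
            continue  # only completed downloads matter here
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            continue  # TLS-protected transfers are not the unprotected channel
        # Match on the path extension (query string ignored) or on the MIME type,
        # since a download URL does not have to carry a file extension.
        by_ext = parts.path.lower().endswith(EXEC_EXT)
        by_mime = ctype.lower().split(";")[0] in EXEC_MIME
        if by_ext or by_mime:
            hits.append((client, url))
    return hits

if __name__ == "__main__":
    for client, url in find_cleartext_code_downloads(SAMPLE_LOG):
        print(f"cleartext code download: {client} -> {url}")
```

A hit only shows that code travelled over a channel an on-path party could modify; whether the app verifies a signature on the module before loading it has to be checked separately.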
 

Ink

An all-in-one China-based Browser app. Needn't say any more. ⬇

 

spaceoctopus

I remember having read an article about the Indian army doing some research and analysis of apps installed on smartphones. Most of these apps had serious security flaws and backdoors, and most of them were from China. Some well-known and popular products such as Cleanmaster and DU optimizers and battery savers, and among them UC web browsers.

Sadly, it's exactly for those reasons that make this browser shady that people love to use it. Nice interface, lots of bells and whistles, fast downloads, video downloading, the ability to make money. It is particularly popular in poor and developing countries. Adding all these features in a small browser like that needs a lot of resources and data. Obviously the reason why it talks to a lot of IPs in China. Nice find by DrWeb(y)
 
