UC Browser for Android Vulnerable to URL Spoofing Attacks

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
The latest versions of UC Browser and UC Browser Mini Android apps with a total of over 600 million installs expose their users to URL spoofing attacks as explained by security researcher Arif Khan who found the flaw and reported it to the apps' security team.

URL spoofing attacks are based on the attackers' capability to change the URL displayed in the address bar of a web browser to trick their targets into thinking that the loaded website is controlled by a trusted party. However, as is the case with the address bar spoofing vulnerability discovered by Khan in the UC Browser apps for Android, the site is actually controlled by the malicious actors behind the attack.

Redirecting unaware targets to domains they control and camouflaging them as high-profile websites allows potential attackers to steal their victims' information using phishing landing pages or to drop malware on their computers via malvertising campaigns.

The URL spoofing issue
"URL Address Bar spoofing is the worst kind of phishing attack possible. Because it's the only way to identify the site which the user is visiting," said Khan.
... ...
...
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top