Best Top Reviews Online

Insecure UC Browser “Feature” Permits Remote Hacking of Android Phones

Beware! If you are using UC Browser on your mobile device, you should immediately uninstall it.

Why? Because the UC Browser from China contains a “questionable” capability that could be exploited by remote attackers to automatically download and execute code on your Android devices.

Developed by UCWeb, which is owned by Alibaba, UC Browser is one of the most popular mobile browsers, especially in China and India, with more than 500 million users worldwide.

According to a report published today by Dr. Web, UC Browser for Android has had a “hidden” feature since at least 2016 that allows the company to download and install new libraries and modules from its servers on users’ mobile devices.

Using MiTM to Push Malicious UC Browser Plug-ins

What causes worry? The reported feature downloads new plugins from the company server using the insecure HTTP protocol instead of the encrypted HTTPS protocol, allowing remote attackers to perform man-in-the-middle (MiTM) attacks and push malicious modules to targeted devices.

Since UC Browser utilizes unsigned plug-ins, it will launch malicious modules without verification, according to the researchers.

“Thus, to perform a MITM attack, cybercriminals need only hook the server response from https://puds.ucweb.com/upgrade/index.xhtml?dataver=pb, replace the link to the downloadable plug-in and the values of attributes to be verified, i.e., MD5 of the archive, its size, and the size of the plug-in. Consequently, the browser will connect to a malicious server to download and execute a Trojan module.”

In a Proof-of-Concept video shared by Dr. Web, researchers demonstrated how they were able to replace a PDF plugin with malicious code using a MiTM attack, causing the UC Browser to compile a new text message instead of opening the file.

Researchers explain, “Thus, MITM attacks can aid cybercriminals in using UC Browser to spread malicious plug-ins that perform a variety of actions.”

“For instance, they can display phishing messages to steal usernames, passwords, credit card information, and other personal information. In addition, trojan modules will have access to password-protected browser files and program directory passwords.”

UC Browser Contravenes Google Play Store Regulations

Since the capability allows UCWeb to download and execute arbitrary code on users’ devices without reinstalling an entirely new version of the UC Browser app, it also violates the Play Store policy by circumventing Google servers.

“This violates Google’s rules for app store software distribution. The current policy states that Google Play applications cannot modify their own code or download software components from third-party sources “researchers state.

“These rules were implemented to prevent the spread of modular trojans that download and execute malicious plugins.”

This dangerous feature has been discovered in both UC Browser and UC Browser Mini, affecting all versions, including the most recent version of the browsers released to date.

Dr. Web responsibly reported their findings to the developer of both UC Browser and UC Browser Mini, but they refused to comment on the matter. The issue was then reported to Google.

At the time of writing, UC Browser and UC Browser Mini are “still available and able to download new components while bypassing Google Play servers,” according to researchers.

Such a feature can be exploited in supply chain attack scenarios in which a company’s server is compromised, allowing attackers to push malicious updates to a large number of users at once, similar to the recent ASUS supply chain attack that compromised over one million computers.

Therefore, users have only one option: to delete the application until the company fixes the issue.

Update: A spokesperson for UCWeb states in The Hacker News “According to Dr. Web’s concerns, UC has updated the UC Browser app on Google Play. UC is an international company committed to developing a product that facilitates mobile internet access for millions of users.”

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus
Open Source Software Hijacked By North Korean Hackers

October 1, 2022

Microsoft security experts warn that Lazarus is back. Lazarus Group, a well-known North Korean threat actor, has been observed carrying out a highly sophisticated, targeted malware attack that involves compromising popular open-source software and running spear phishing campaigns. As a…

Get more info

Deals

Reviews

Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer

BestTopReviewsOnline.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. As an Amazon Associate I earn from qualifying purchases.

 

Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 BestTopReviewsOnline.com Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of BestTopReviewsOnline.com.