Security experts found unusual activities in UC Browser for Android, exposing more than 500 million users to Man-in-the-Middle attacks.
According to a research by security firm Zscaler, UC Browser and UC Browser Mini apps unusually requested an unprotected (HTTP) channel to download an additional Android Package Kit from the remote server. It’s said that UC Browser and UC Mini violated Google Play security policies and make it possible for any malicious app to enter a user’s device.
According to the research, UC Browser downloads a third-party app to devices over unsecured channels, which become victim to Man-in-the-Middle (MiTM) attacks. Using MiTM attacks, the hackers can spy on the victim’s device, install an arbitrary payload that performs phishing attacks, steal personal data, including usernames, passwords, and credit card numbers.
“As we began to analyze the UC Browser app, we found that the requests were being made to download an additional Android Package Kit (APK) over an unsecured channel (HTTP over HTTPS). Downloading and/or updating components from a third-party source violates Google Play policy,” Zscaler said in a statement.
Zscaler stated that it found three unusual activities on the UC Browser app during its investigation, which include, Downloading an additional APK from a third party, Communication over an unsecured channel, and Dropping an APK on external storage.
Zscaler also highlighted that it found UC Browser Mini from the same developer with the same functionality and issues. “During our analysis, we found the APK being dropped on external storage, but we did not find the APK being installed. It is possible that this functionality is still under development or there may be other reasons it wasn’t installed, such as exception, disabled unknown-sources option, or rooted device,” Zscaler added.
