Hundreds of millions of UC Browser Android Users exposed to MiTM attacks

Over 600 million UC Browser and UC Browser Mini Android users have been exposed to man-in-the-middle (MiTM) attacks.

More than 600 million users of the popular UC Browser and UC Browser Mini Android apps have been exposed to man-in-the-middle (MiTM) attacks by downloading an Android Package Kit (APK) from a third party server over unprotected channels.

The UC Browser is developed by UCWeb, a company owned by the Alibaba Group since 2014, and is the world’s fourth most popular mobile browser according to StatCounter.

Researchers at Zscaler were investigating an unusual activity when discovered some questionable connections to a specific domain, 9appsdownloading[.]com. The requests were being made by the UC Browser app.

Further investigation allowed the researchers to determine that the UC Browser app was attempting to download an additional Android Package Kit (APK) over an unsecured channel (HTTP over HTTPS). This practice violates the Google Play policy, and the use of an unsecured channel exposes the users to man-in-the-middle attacks. The use of unsecured channels could allow attackers to deliver and install an arbitrary payload on a target device to perform a broad range of malicious activities.

The analysis of the APK revealed that it was available on a third-party app store named 9Apps, with the com.mobile.indiapp package name.

Once installed on a device, the 9Apps app started scanning for installed applications and it allowed installing more apps from the third-party app store that were downloaded as APKs from the 9appsdownloading[.]com domain.

Researchers also pointed out that dropping an APK on external storage (/storage/emulated/0) could allow other apps, with appropriate permissions, to tamper with the APK.

Zscaler shared its findings to Google on August 13 and the discussion on the potential violation lasted until September 25.

On September 27 Google acknowledged the problems and reported them to UCWeb asking the development team to “update the apps and remediate the policy violation,” UCWeb addressed the issues in its apps.

“It is too early to determine exactly what the UC Browser developers intended with their third-party APK, but it is clear that they are putting users at risk. And with more than 500 million downloads of UC Browser, that is a significant threat.” concludes the analysis published by ZScaler.

“Because UC Browser downloads an unknown third-party app to devices over unsecured channels, those devices can become victim to man-in-the-middle (MiTM) attacks. Using MiTM, attackers can spy on the device and intercept or change its communications,”

In May, security researcher Arif Khan discovered a browser address bar spoofing flaw in UC Browser and UC Browser Mini apps for Android.

Pierluigi Paganini

Subscribe to Cyber Defense Magazine

Join our mailing list, no strings attached. We never sell your data. We'll send you monthly e-magazines, webinar invites from us and our partners, cybersecurity trade show updates, awards, infosec news, cybersecurity tips and so much more on all things cyber defense.
Subscribe

Related News

Prevent Browser-In-The-Browser Phishing Attacks by Removing Human Input Error
October 21, 2019

CyberDefenseMagazine Follow 24,016 54,487

Cyber Defense Magazine - The Premier Source for IT Security and Compliance Information. https://t.co/748STKH6k0.

cyberdefensemag

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Global InfoSec Awards for 2024 are now Open! Take advantage of co-marketing packages and enter today!

Show Me!
X