More than 600 million users of the popular UC Browser and UC Browser Mini Android apps have been exposed to man-in-the-middle (MiTM) attacks by downloading an Android Package Kit (APK) from a third party server over unprotected channels.
The UC Browser is developed by UCWeb, a company owned by the Alibaba Group since 2014, and is the world’s fourth most popular mobile browser according to StatCounter.
Researchers at Zscaler were investigating an unusual activity when discovered some questionable connections to a specific domain, 9appsdownloading.. The requests were being made by the popular Browser app.
Further investigation allowed the researchers to determine that the UC Browser app was attempting to download an additional Android Package Kit (APK) over an unsecured channel (HTTP over HTTPS). This practice violates the Google Play policy, and the use of an unsecured channel exposes the users to man-in-the-middle attacks. The use of unsecured channels could allow attackers to deliver and install an arbitrary payload on a target device to perform a broad range of malicious activities.
The analysis of the APK revealed that it was available on a third-party app store named 9Apps, with the com.mobile.indiapp package name.
Once installed on a device, the 9Apps app started scanning for installed applications and it allowed installing more apps from the third-party app store that were downloaded as APKs from the 9appsdownloading[.]com domain.
Researchers also pointed out that dropping an APK on external storage (/storage/emulated/0) could allow other apps, with appropriate permissions, to tamper with the APK.
Zscaler shared its findings to Google on August 13 and the discussion on the potential violation lasted until September 25.
On September 27 Google acknowledged the problems and reported them to UCWeb asking the development team to “update the apps and remediate the policy violation,” UCWeb addressed the issues in its apps.
“It is too early to determine exactly what the Browser developers intended with their third-party APK, but it is clear that they are putting users at risk. And with more than 500 million downloads of UC Browser, that is a significant threat.” concludes the analysis published by ZScaler.
“Because UC Browser downloads an unknown third-party app to devices over unsecured channels, those devices can become victim to man-in-the-middle (MiTM) attacks. Using MiTM, attackers can spy on the device and intercept or change its communications,”
In May, security researcher Arif Khan discovered a browser address bar spoofing flaw in the popular browser apps for Android.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Android, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…
This website uses cookies.