Friday, November 1, 2024
HomeAndroidDangerous Function in UC Browser Lets Hackers to Hijack Millions Of Android...

Dangerous Function in UC Browser Lets Hackers to Hijack Millions Of Android Users via MITM Attacks

Published on

Malware protection

Potentially dangerous future in UC browser puts Hundreds of millions of Android users under high risk that allows hackers to hijack Android devices via Man-in-the-Middle Attacks.

A hidden future that uncovered in UC browsers let attackers download and run untested code in any of the Android devices and also its bypass the Google Play servers by downloading the auxiliary software modules.

UC browsers is a most papular browser in Android platform with more than 500 million downloads from the Google Play store alone, and this new dangerous future let all the downloaded users vulnerable to MITM attacks.

- Advertisement - SIEM as a Service

This untrusted UC browser function completely violates the Google play store policies, and it allows to download the malicious code to Android devices.

Based on the strict Google Play Store policy, any applications downloaded from Google Play and any software components from third-party sources cannot change their own code.

In this case, researchers from Dr.Web tested the application by download the executable Linux library from the remote server (not malicious) into the browser and launched it for execution, thus, the browser successfully executes the code.

Man-in-the-Middle Attack with UC Browser

UC browser makes a request to the management server and receives the link whenever it needs to download a new plug-in.

In this case, UC browser request to the server to establishes the communication over untrusted HTTP protocol instead of encrypted HTTPS which leads to attackers directly perform a Man-in-the-MIddle Attack.

According to Dr.Web research, Attackers can replace incoming commands by pointing to the address of a malicious resource. As a result, the program downloads new modules from it, and not from the present managing server. Since UC Browser works with unsigned plugins, it will launch malicious modules without any verification.

If this MITM attack successfully obtained by the attacker, then it leads to spreading malicious plug-ins through UC Browser that can perform a wide variety of actions including to steal usernames, passwords, information on bank cards and other personal data.

This Dangerous function uncovered in both UC Browser and UC Mini, But the MITM attack will not work in the UC Browser Mini.

This serious flow already reported to Google, but still, both Browsers are available to download with this dangerous function. Users urged to un-install now until they fix this issue.

Learn: Complete Network Attacks and Security


You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to...

New Windows Downgrade Attack Let Hackers Downgrade Patched Systems To Exploits

The researcher discovered a vulnerability in the Windows Update process that allowed them to...

Hackers Use Fog Ransomware To Attack SonicWall VPNs And Breach Corporate Networks

Recent cyberattacks involving Akira and Fog threat actors have targeted various industries, exploiting a...