UC Browser Android hacking

‘Secret function’ in UC Browser allows hackers to compromise Android devices (2019)

Doctor Web, a major Russian anti-malware firm, reported that remote attackers could abuse the mobile browser ‘UC Browser’ to download and launch new software components automatically, bypassing Google Play servers.

For those unaware, UC Browser, created by the China-based, Alibaba-owned UCWeb, is one of the most commonly used mobile browsers in India and China and has over 500 million users around the world.

According to Doctor Web’s report, while UC Browser does not itself contain malicious software, since at least 2016 it has included a ‘secret function’ that lets the developers download new libraries and modules from their servers and install them on users’ mobile devices at any moment, without any authentication.

UC Browser downloads the plug-ins over plain, unencrypted HTTP rather than HTTPS, which lets remote attackers mount man-in-the-middle (MITM) attacks and load malicious modules onto targeted devices.

“Since UC Browser works with unsigned plug-ins, it will launch malicious modules without any verification,” the researchers say.

“Cybercriminals will only need to hook up the server response from http://puds.ucweb.com/upgrade/index.xhtml?dataver=pb to execute a MITM attack, substitute the link to the plug-in to be downloaded and the attribute values to be checked, i.e. the archive MD5, its size and the plug-in size. As a consequence, to download and launch a Trojan module, the browser will access a malicious server.”
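As an added example (not code from the page, from Doctor Web or from UCWeb), the Go program below contrasts the kind of check the researchers describe, where the archive's MD5 and size are compared with values carried in the same unauthenticated HTTP response, with a hardened update verifier that pins a vendor signing key, refuses plain-HTTP plug-in URLs and verifies an Ed25519 signature over the manifest before trusting its hash. The manifest layout, hostnames and payload bytes are constructed assumptions and are not UC Browser's real update format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/md5"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// Manifest holds what the page says the update response carries (plug-in link,
// archive MD5, size) plus a SHA-256 for the hardened path. Layout is assumed.
type Manifest struct {
	URL    string `json:"url"`
	MD5    string `json:"md5"`
	Size   int    `json:"size"`
	SHA256 string `json:"sha256"`
}

func manifestFor(url string, payload []byte) Manifest {
	m5, s256 := md5.Sum(payload), sha256.Sum256(payload)
	return Manifest{URL: url, MD5: hex.EncodeToString(m5[:]), Size: len(payload), SHA256: hex.EncodeToString(s256[:])}
}

// WeakVerify models the check the page describes: MD5 and size are compared
// with values from the same unauthenticated HTTP response, so whoever rewrites
// that response also chooses the expected values. Nothing ties them to the vendor.
func WeakVerify(m Manifest, payload []byte) bool {
	sum := md5.Sum(payload)
	return hex.EncodeToString(sum[:]) == m.MD5 && len(payload) == m.Size
}

// StrongVerify is the hardened check: the manifest must verify under a key
// pinned in the app, plain-HTTP URLs are refused, and the payload must match
// the SHA-256 the signed manifest commits to.
func StrongVerify(pinned ed25519.PublicKey, manifestJSON, sig, payload []byte) error {
	if !ed25519.Verify(pinned, manifestJSON, sig) {
		return fmt.Errorf("manifest signature does not verify under pinned key")
	}
	var m Manifest
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return err
	}
	if !strings.HasPrefix(m.URL, "https://") {
		return fmt.Errorf("refusing plain-HTTP plug-in URL %q", m.URL)
	}
	if sum := sha256.Sum256(payload); hex.EncodeToString(sum[:]) != m.SHA256 {
		return fmt.Errorf("payload SHA-256 does not match signed manifest")
	}
	return nil
}

// signManifest is the vendor-side step: serialise and sign with the release key.
func signManifest(priv ed25519.PrivateKey, m Manifest) ([]byte, []byte) {
	b, _ := json.Marshal(m) // Manifest has only plain fields; Marshal cannot fail here
	return b, ed25519.Sign(priv, b)
}

// DemoResult records what each verifier decides for the constructed inputs.
type DemoResult struct {
	WeakAcceptsGenuine, WeakAcceptsSubstitute     bool
	StrongAcceptsGenuine, StrongAcceptsSubstitute bool
	StrongRefusesPlainHTTP                        bool
}

// Demo runs both verifiers over a genuine module and a substituted one.
func Demo() (DemoResult, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // pub would ship pinned in the app
	if err != nil {
		return DemoResult{}, err
	}
	// Constructed sample payloads; the hostname is a placeholder, not a real server.
	genuine := []byte("constructed: genuine PDF-viewer plug-in archive")
	substitute := []byte("constructed: substituted module that displays PWNED!")
	const link = "https://updates.example.invalid/pdf-plugin.zip"

	gm := manifestFor(link, genuine)
	gJSON, gSig := signManifest(priv, gm)
	// A response rewritten in transit: every checked value now describes the
	// substitute, but no signature from the vendor key exists for that manifest.
	sm := manifestFor(link, substitute)
	sJSON, _ := json.Marshal(sm)
	// Even a vendor-signed manifest is refused when it points at plain HTTP.
	hJSON, hSig := signManifest(priv, manifestFor("http://updates.example.invalid/pdf-plugin.zip", genuine))

	return DemoResult{
		WeakAcceptsGenuine:      WeakVerify(gm, genuine),
		WeakAcceptsSubstitute:   WeakVerify(sm, substitute),
		StrongAcceptsGenuine:    StrongVerify(pub, gJSON, gSig, genuine) == nil,
		StrongAcceptsSubstitute: StrongVerify(pub, sJSON, gSig, substitute) == nil,
		StrongRefusesPlainHTTP:  StrongVerify(pub, hJSON, hSig, genuine) != nil,
	}, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The weak path accepts both modules because the values it compares against arrive in the same response as the archive; the strong path accepts only the genuine module, and would still reject a signed manifest that points at an http:// URL. In a real client the public key is compiled into the app and the private key never leaves the vendor's release pipeline.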

The researchers published a PoC video in which a prospective victim downloads and attempts to view a PDF document in UC Browser. To open the file, the browser attempts to download the corresponding plug-in from the command-and-control server. Owing to the MITM replacement, however, the browser downloads and launches a different library, which then displays a text message saying “PWNED!”.

[Video: UC Browser hacking live demo]

“MITM attacks can therefore help cybercriminals use UC Browser to spread malicious plug-ins that carry out a broad range of actions,” the researchers explain.

“To steal usernames, passwords, bank card information, and other private information, they can show phishing emails, for instance. In addition, trojan modules can access protected browser files and steal passwords stored in the folder of the program.”

This function lets the browser’s developers download and execute arbitrary code on users’ devices without shipping a complete new version of the UC Browser application.

It also fails to comply with Play Store policy, as it attempts to bypass Google’s servers. “This breaches Google’s rules for software distributed in its app store. The current policy states that applications downloaded from Google Play cannot alter their own code or download any third-party software components,” the researchers say.

“These guidelines have been implemented to avoid the allocation of malicious plugins by modular trojans.”

The researchers found that this function affects both UC Browser and UC Browser Mini, in all versions published to date. Doctor Web experts contacted the developers of both browsers, but the developers declined to comment on the issue. The malware analysts then reported the problem to Google.

The affected apps, UC Browser and UC Browser Mini, are “still accessible at the moment of writing and can download fresh parts, bypassing Google Play servers,” the researchers say.

Doctor Web experts suggest that Android device owners consider whether to keep using these apps or remove them, and wait for updates that address the potential vulnerabilities.

Source: THN
