Phone : +91 9582 90 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » UC Browser violates Google Play Store policies and raises security concerns by downloading extra modules

UC Browser violates Google Play Store policies and raises security concerns by downloading extra modules

UC Browser and UC Browser Mini Android apps violate Google Play Store policies by downloading and installing extra app modules thereby exposing its users to MitM attacks.
This updating feature is present in the UC browser application since 2016.
What is the issue – UC Browser and UC Browser Mini Android apps violate Google Play Store policies by downloading and installing extra app modules thereby exposing its users to Man in the Middle (MitM) attacks.

Why it matters – It is to be noted that UC browser has been downloaded by over 500 million users.

The big picture

Doctor Web malware analysts uncovered a feature in UC browser that downloads extra app modules and runs executable codes on users’ devices. The researchers noted UC browser has the ability to download auxiliary software modules, bypassing Google Play servers.

Researchers described that in their analysis, UC Browser downloaded an executable Linux library from a remote server.
Upon downloading, the UC browser saved the Linux library to its directory and launched it for execution.
Worth noting

This updating feature is present in the UC browser application since 2016.
This feature can be exploited by attackers to perform Man in the Middle (MitM) attacks.
MitM attacks help attackers to leverage UC Browser and distribute malicious plug-ins.
“Although the application has not been seen distributing trojans or unwanted software, its ability to load and launch new and unverified modules poses a potential threat. It’s impossible to be sure that cybercriminals will never get ahold of the browser developer’s servers or use the update feature to infect hundreds of millions of Android devices,” researchers said.

How would an attack work?

UC Browser sends a request to the C&C server to download new plug-ins.
In response to the request, the UC browser receives a link to file.
Attackers can get hold of the requests from the UC browser since its communication to the C&C server is carried over an unsecured channel.
Attackers can then replace the commands with ones containing different addresses.
This makes the UC browser download new modules from the malicious server instead of its C&C server.
Doctor Web researchers also created a demo video showing how when a potential victim just wants to view a PDF document using UC Browser but the browser downloads a plug-in module from the C&C server.

What’s the conclusion – Upon detecting the potential dangerous feature in UC Browser and UC Browser Mini, Doctor Web analysts notified the developer of both browsers about the feature. Later, Doctor Web notified the issue to Google. However, both browsers are still capable of downloading new modules.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket