Alarming Number of UC Browser Users Vulnerable to MiTM Attacks

Man in The Middle Attack

A staggering number of UC Browsers and mini Android apps of the same name may have been vulnerable to Man-in-the-middle or MiTM attacks. This happened when they downloaded an APK, Android Package Kit from an unauthorized or third-party server over insecure channels. Hackers can use MiTM to spy on the devices and change or intercept any communications. This was recently announced by researchers who are working on suspicious activities over the app.

Developed by an Alibaba owned company, UCWeb, the UC Browser was launched in 2014. It quickly became the fourth most widely used browser used in mobile phones according to a website, Statcounter.

The discovery of the attacks came about when the researchers stumbled upon suspicious activities while working at Zscaler. They found this while investigating the odd activities that involve some speculative connections related to a domain called 9appsdownloading. It includes many requests made by the popular app UC Browser to the domain. This is highly unusual for the app to do that.

When they made a closer look at what’s going on, they found that the app, UC Browser is accessing the domain to take APK or Android Package Kit using an unprotected channel. It means that it was downloading in a channel with HTTP over the HTTPS.

Aside from violating the existing policy of Google Play, the users are also exposed to hacker attacks that are lurking in unsecured channels. When an Android user downloads in these channels, they are exposed to hackers and allows these attackers to download and install a specific payload on the device and let them do a variety of evil activities no holds barred.

Further scrutiny of the APK bared that it was accessible for Android users to download from a third-party application store known as 9apps. And that it has the package name under the guise of com.mobline.indiapp. Once the app is installed on an Android phone, it will start perusing for installed apps, and it will allow more applications from the mentioned app store to be downloaded in the form of APKs from the domain, 9appsdownloading.com.

The researchers also added that when you put the APK on external storage, it would allow the other apps with permission to interfere with the APK. The team shared the information with Google, and Google, on its part, has acknowledged the problem and asked the development team to mediate on the violation of policy and update its app. Meanwhile, UCWeb has already addressed the issue of its applications.