UC Browser exposed 600 million Android users to MITM attacks

UC Browser is the most famous internet browser on the Google Play Store after Chrome. The main UC Browser app has more than 500 million downloads, and UC Browser Mini has 100 million downloads, on Android devices. According to the report, all users of the UC Browser Android applications are at risk, since the apps have exposed them to MITM attacks.

A MITM (man-in-the-middle) attack is one in which the attacker sits between the user and the application. The attacker can also alter the communications between the two parties.

The flaw was pointed out by researchers at Zscaler, who discovered that downloading APKs from a third-party store opens the way for MITM attacks, putting 600 million Android users at risk. While investigating the issue, they found that the browser requests an additional APK from a specific domain, “9appsdownloading”.

This activity violates Google Play Store policy, which states: “An app distributed via Google Play may not modify, replace, or update itself using any method other than Google Play’s update mechanism. Likewise, an app may not download executable code (e.g., dex, JAR, .so files) from a source other than Google Play. This restriction does not apply to code that runs in a virtual machine and has limited access to Android APIs (such as JavaScript in a webview or browser).”

The APK file, downloaded from the third-party app store 9Apps under the package name com.mobile.indiapp, allows an attacker to perform harmful activities on the device. Once installed, the application starts scanning the phone and allows more applications to be installed from a third-party app store on the 9appsdownloading domain.

Google confirmed that it has taken action on the issue and has also contacted UCWeb to “update the apps and remediate the policy violation.”

Published by
AbuBakar
