Recently, users of UC Browser, one of Android's most popular browsers with over 500 million downloads, were victims of a well-known but still very dangerous threat: the Man in the Middle.
It's been a while since Android became the most widely used operating system in the world. With such growth, it was to be expected that the system would be targeted more often by malicious code developers and by people interested in taking advantage of users in immoral and/or illegal ways.
Recently, researchers at ThreatLabZ, a research group made up of security technicians, researchers, and network engineers, noticed an unusually large number of calls from UC Browser to a specific domain: 9appsdownloading (.) com. These calls requested the download of a specific .apk package, which was saved to the device's external storage. Like many other apps, UC Browser asks the user for permission to access external storage right after it is installed; once that permission is granted, nothing prevents the browser from saving the package to the device.
These download calls revealed two problems. First, they were all made without the user's knowledge. The second, and most dangerous, problem is that the calls were made over HTTP, an insecure channel, which at that very moment left the user exposed to a Man in the Middle attack.
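To see what spotting this kind of traffic looks like in practice, here is an added example (not from ThreatLabZ or the original article) that scans proxy logs for APK files fetched over plain HTTP and ranks the hosts serving them. The log format, host names, and function names are assumptions made for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

APK_MIME = "application/vnd.android.package-archive"

# Constructed sample proxy log. Assumed format, one request per line:
# timestamp client_ip method url status content_type
SAMPLE_LOG = """\
2019-10-01T10:00:01 10.0.0.5 GET http://downloads.example.test/store/app.apk 200 application/vnd.android.package-archive
2019-10-01T10:00:02 10.0.0.5 GET https://play.example.test/pkg/browser.apk 200 application/vnd.android.package-archive
2019-10-01T10:00:03 10.0.0.7 GET http://downloads.example.test/store/app.apk?v=2 200 application/octet-stream
2019-10-01T10:00:04 10.0.0.7 GET http://news.example.test/index.html 200 text/html
2019-10-01T10:00:05 10.0.0.9 GET http://cdn.example.test/get?id=42 200 application/vnd.android.package-archive
2019-10-01T10:00:06 10.0.0.9 GET http://downloads.example.test/store/missing.apk 404 text/html
malformed line
"""


def find_cleartext_apk_downloads(log_text):
    """Return successful GET requests that fetched an APK over plain HTTP."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip lines that do not match the assumed format
        ts, client, method, url, status, ctype = fields
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            continue  # only cleartext HTTP transfers are flagged
        # Match on the path extension or on the APK MIME type, since
        # either one alone can be missing or generic.
        is_apk = parts.path.lower().endswith(".apk") or ctype.lower() == APK_MIME
        if method == "GET" and status.startswith("2") and is_apk:
            hits.append({"time": ts, "client": client,
                         "host": parts.hostname, "path": parts.path})
    return hits


def hosts_by_volume(hits):
    """Rank hosts by how many cleartext APK downloads they served."""
    return Counter(h["host"] for h in hits).most_common()


if __name__ == "__main__":
    found = find_cleartext_apk_downloads(SAMPLE_LOG)
    for host, count in hosts_by_volume(found):
        print(f"{count:3d}  {host}")
```

A host that suddenly tops this ranking across many clients is the kind of anomaly described above.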
Man in the Middle?
Sounds like the name of some catchy song you've heard, I know, but unfortunately it's a lot more dangerous. Man in the Middle is a technique in which an attacker positions himself between two communicating parties, intercepts messages, and has the possibility of impersonating one of the parties involved. Hackers commonly use it to steal sensitive information about bank accounts, email accounts, passwords, credit card details, and more.
What is the downloaded apk?
Analysts at Zscaler, the company behind the ThreatLabZ group, analyzed the contents of the .apk in question. They first noticed that the package was downloaded but not installed. Perhaps the functionality is not yet fully developed. So the analysts decided to install the app manually to see what it was, and found it to be a third-party app store called 9apps.
At first startup, 9apps scanned the device for installed apps, as well as for other unofficial Android app stores such as Aptoide or Mobogenie. Interestingly, the list of apps available for download included a lot of apps with content targeted at an adult audience.
For testing purposes, the team decided to download and install an app through 9apps, and at this point they realized that the file was downloaded from 9appsdownloading (.) com, the same domain from which the store itself was downloaded without the user's consent, as mentioned at the beginning of this article.
Finally, the ThreatLabZ team ran an analysis of the site 9appsdownloading (.) com through VirusTotal (a service that scans websites and URLs for malicious content), which resulted in a small but existing number of detections. That is reason enough to recommend that users avoid contact with this site as much as possible.
As of this writing, there has been no communication or clarification from the team behind UC Browser. It is therefore also unclear what the developers intended when they implemented such functionality in the software. Besides being disrespectful to users, this behavior also goes against the rules of Google Play, which has not yet commented on the case.
I am not currently a UC Browser user, but I have used the software for a relatively long time. This type of news undoubtedly causes the product to lose credibility. If I had any intention of using the software again before, that is over now. What remains is to wait and see whether the UC Browser team will come forward to explain the situation, and what kind of explanation that would be. In particular, I find it very hard to imagine a legitimate and fair reason that explains what happened.
This kind of event only reinforces that using open source software is the safer way. It's not necessarily free, but having the code open already makes it much harder to hide such functionality in the software. To make an analogy, using closed-source software is like eating something without knowing how it was made. It can be a box of surprises.
Do you know or use UC Browser? Has your view of the browser changed after learning about the recent facts? Tell us in the comments.