500+ Million UC Browser Android Users Exposed to MiTM Attacks

The highly popular UC Browser and UC Browser Mini Android apps, with a total of over 600 million Play Store installs, exposed their users to man-in-the-middle (MiTM) attacks by downloading an Android Package Kit (APK) from a third-party server over unprotected channels.

Doing this is in direct violation of Google’s app store rules, as Android apps “distributed via Google Play may not modify, replace, or update itself using any method other than Google Play’s update mechanism.”
Zscaler ThreatLabZ researchers discovered the following three issues:
• Downloading an additional APK from a third party – in violation of Google Play policy
• Communication over an unsecured channel – opening doors to man-in-the-middle attacks
• Dropping an APK on external storage (/storage/emulated/0)
The tactics used by UC Browser and UC Mini violate Google Play security policies and make it possible for a malicious app to gain entry into a user’s device. While 9Apps, an app store for Android apps, is not itself a malicious site, the researchers searched the domain on VirusTotal, which showed a number of detections.

Because UC Browser downloads an unknown third-party app to devices over unsecured channels, those devices can fall victim to man-in-the-middle (MiTM) attacks. Using MiTM, attackers can spy on the device and intercept or change its communications. The UC Browser app’s use of unsecured channels also allows attackers to install an arbitrary payload on a device that can perform a variety of activities, such as displaying phishing messages designed to steal personal data, including usernames, passwords, and credit card numbers.
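The three findings above (third-party APK source, cleartext transport, and an APK dropped on shared external storage) are easy to check for mechanically once an app's download activity has been recorded, for example from a proxy log or an instrumented device. The script below is an added example written for this article, not code from Zscaler or from the UC Browser project; the log lines, host names, package names and paths in it are constructed, and the set of hosts treated as the official update channel is an assumption. It parses simple key=value records and flags each of the three patterns, which generalises the single case the article describes to any app whose downloads are logged in this form.

```python
"""Audit recorded APK downloads for the three risk patterns named in the article.

Constructed example: the log lines, hosts and paths below are invented for
illustration and were not captured from UC Browser.
"""
from urllib.parse import urlparse

# Assumption: only these hosts count as Google Play's own update channel.
PLAY_HOSTS = {"play.google.com", "play.googleapis.com"}

# Paths under these prefixes are shared external storage, where another app
# can read or replace a dropped file before it is installed.
EXTERNAL_STORAGE_PREFIXES = ("/storage/emulated/", "/sdcard/")

# Constructed sample log, one download per line, space-separated key=value.
SAMPLE_LOG = """\
app=com.example.browser url=http://cdn.example.test/plugins/extra.apk dest=/storage/emulated/0/Download/extra.apk
app=com.example.browser url=https://play.googleapis.com/update/browser.apk dest=/data/data/com.example.browser/files/update.apk
app=com.example.news url=https://mirror.example.test/news.apk dest=/data/data/com.example.news/cache/news.apk
app=com.example.news url=https://www.example.test/index.html dest=/data/data/com.example.news/cache/page.html
"""


def parse_record(line):
    """Turn 'k=v k=v ...' into a dict; malformed tokens are ignored."""
    record = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            record[key] = value
    return record


def audit_download(record):
    """Return the list of risk patterns a single download record matches."""
    findings = []
    parsed = urlparse(record.get("url", ""))
    dest = record.get("dest", "")
    is_apk = dest.lower().endswith(".apk") or parsed.path.lower().endswith(".apk")

    # 1. Package code fetched over a channel that does not protect integrity.
    if is_apk and parsed.scheme != "https":
        findings.append("cleartext-transport")

    # 2. Package code fetched from somewhere other than the store's own channel.
    if is_apk and parsed.hostname not in PLAY_HOSTS:
        findings.append("third-party-apk")

    # 3. Package written to shared external storage before installation.
    if is_apk and dest.startswith(EXTERNAL_STORAGE_PREFIXES):
        findings.append("external-storage-drop")

    return findings


def audit_log(text):
    """Audit every non-empty line; returns {(app, url): [findings]}."""
    results = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        record = parse_record(line)
        results[(record.get("app"), record.get("url"))] = audit_download(record)
    return results


def risky_apps(text):
    """Names of apps with at least one finding, in first-seen order."""
    seen = []
    for (app, _url), findings in audit_log(text).items():
        if findings and app not in seen:
            seen.append(app)
    return seen


if __name__ == "__main__":
    for (app, url), findings in audit_log(SAMPLE_LOG).items():
        status = ", ".join(findings) if findings else "ok"
        print(f"{app}  {url}\n    -> {status}")
```

Running the block on its constructed log flags the first record with all three patterns, clears the Play-hosted update entirely, and flags only the third-party source for an HTTPS download written to the app's private directory. A real deployment would feed it proxy or device logs in the same key=value shape and would normally pair the host check with a signature check on the downloaded package.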
Once a user device has been compromised, and that compromised device connects back at the office, attackers have the ability to establish a foothold in your network, so they can snoop, spread malware, or steal data.