UC Browser exposed 600 million Android users to MITM attacks
UC Browser is the most famous internet browser on the Google Play Store after Chrome. It has 500 million-plus downloads of main UC Browser and 100 million downloads of UC Browser Mini on all android devices. According to the report, all the users of UC Browser android applications are at risk since it has exposed them to the MITM attacks.
The MITM attack is a man-in-the-middle attack in which the attacker comes between the user and application. The attacker can also alter the communications between the two parties.
The flaw was pointed out by researchers of ZScaler, as they discovered that after downloading APKs from third party store away gets opens for MITM attacks that puts 600 million android users on risk. While investigating the issue they found out that the browser makes requests for additional APK from a specific domain “9appsdownloading”.
The APK file downloaded from a third-party app store 9Apps by the package name of com.mobile.indiapp, allows the attacker to perform harmful activities in the device. Once you install the application, it starts scanning the phone and allows more applications to install from a third-party app store with the domain of 9appsdownloading.
Google confirmed that it has taken action on the issue and also contacted the UCWeb to “update the apps and remediate the policy violation.”