Hidden ability in UC Browser lets hackers attack Android phones

According to the Google Play Store developer rules, application developers must not bypass Google's detection mechanism by downloading code and update modules through their own servers. However, “Doctor Web malware analysts have detected a hidden ability within the popular UC Browser to download and run questionable code on mobile devices. The application is capable of downloading auxiliary software modules, bypassing Google Play servers. This violates Google Inc.’s rules and poses a serious threat because it enables any code, including malicious ones, to be downloaded to Android devices.”

This dynamic update mechanism can be used to deliver new functional modules for UC Browser or to update the browser version directly, but it violates the developer policy. Both Apple and Google ban this update method, mainly out of concern that developers will bypass the inspection mechanism and push malware or modules directly to users. The commands issued by UC Browser are transmitted in encrypted form, but the browser's connection to the command server is in plain text and may be hijacked in a MITM attack.

Researchers explain,

“Thus, MITM attacks can help cybercriminals use UC Browser to spread malicious plug-ins that perform a wide variety of actions. For example, they can display phishing messages to steal usernames, passwords, bank card details, and other personal data. Additionally, trojan modules will be able to access protected browser files and steal passwords stored in the program directory.”
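A defender's check for the pattern described above, as an added example that is not from the article or from Doctor Web: it scans proxy records from an app-testing lab and flags responses whose leading bytes mark loadable code (ELF, DEX, ZIP) fetched over plain HTTP. The record fields, package names and URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Leading bytes of formats Android can load as code.
CODE_MAGIC = {
    b"\x7fELF": "native library (ELF)",
    b"dex\n": "Dalvik bytecode (DEX)",
    b"PK\x03\x04": "ZIP container (APK/JAR)",
}

def classify_payload(head: bytes):
    """Return the code format named by the first bytes of a response body, or None."""
    for magic, label in CODE_MAGIC.items():
        if head.startswith(magic):
            return label
    return None

def flag_cleartext_code_downloads(records):
    """Return (package, url, format) for each code payload fetched without TLS."""
    findings = []
    for rec in records:
        parts = urlsplit(rec["url"])  # urlsplit lowercases the scheme
        fmt = classify_payload(rec["body_head"])
        # Code delivered over https is out of scope here; the integrity gap
        # the article describes is the plain-text channel.
        if parts.scheme == "http" and fmt is not None:
            findings.append((rec["package"], rec["url"], fmt))
    return findings

# Constructed sample records (not real traffic): what a test-lab proxy might
# log per response: requesting app package, URL, first bytes of the body.
SAMPLE = [
    {"package": "com.example.browser", "url": "http://updates.example.test/mod/libextra.so",
     "body_head": b"\x7fELF\x02\x01\x01\x00"},
    {"package": "com.example.browser", "url": "https://updates.example.test/mod/plugin.dex",
     "body_head": b"dex\n035\x00"},
    {"package": "com.example.browser", "url": "http://cdn.example.test/img/logo.png",
     "body_head": b"\x89PNG\r\n\x1a\n"},
    {"package": "com.example.news", "url": "HTTP://cdn.example.test/pkg/addon.jar",
     "body_head": b"PK\x03\x04\x14\x00"},
]

if __name__ == "__main__":
    for pkg, url, fmt in flag_cleartext_code_downloads(SAMPLE):
        print(f"{pkg}: {fmt} over plain HTTP from {url}")
```

Matching on magic bytes rather than file extension or Content-Type catches modules served under misleading names, but it will not see a module that is itself encrypted or packed in transit.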