UC Browser ‘Feature’ Lets Hackers Hijack Android Phones Remotely [thehackernews]

Beware! If you are using UC Browser on your smartphones, you should consider uninstalling it immediately.

Why? Because the China-made UC Browser contains a “questionable” ability that could be exploited by remote attackers to automatically download and execute code on your Android devices.

Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base of more than 500 million users worldwide.

According to a new report published today by Dr. Web firm, since at least 2016, UC Browser for Android has a “hidden” feature that allows the company to anytime download new libraries and modules from its servers and install them on users’ mobile devices.

Pushing Malicious UC Browser Plug-ins Using MiTM Attack

What’s worrisome? It turns out that the reported feature downloads new plugins from the company server over insecure HTTP protocol instead of encrypted HTTPS protocol, thus allowing remote attackers to perform man-in-the-middle (MiTM) attacks and push malicious modules to targeted devices.

For more, click here.