UC Browser ‘Feature’ Lets Hackers Hijack Android Phones Remotely [thehackernews]
by CIRT Team
Beware! If you are using UC Browser on your smartphones, you should consider uninstalling it immediately.
Why? Because the China-made UC Browser contains a “questionable” ability that could be exploited by remote attackers to automatically download and execute code on your Android devices.
Developed by Alibaba-owned UCWeb, UC Browser is one of the most popular mobile browsers, specifically in China and India, with a massive user base of more than 500 million users worldwide.
According to a new report published today by Dr. Web firm, since at least 2016, UC Browser for Android has a “hidden” feature that allows the company to anytime download new libraries and modules from its servers and install them on users’ mobile devices.
Pushing Malicious UC Browser Plug-ins Using MiTM Attack
What’s worrisome? It turns out that the reported feature downloads new plugins from the company server over insecure HTTP protocol instead of encrypted HTTPS protocol, thus allowing remote attackers to perform man-in-the-middle (MiTM) attacks and push malicious modules to targeted devices.
For more, click here.
Recommended Posts
BGD e-GOV CIRT এর আয়োজনে আয়োজনে আর্থিক প্রতিষ্ঠান ও CII সমূহের সাইবার ড্রিল ২০২৩ চূড়ান্ত পর্ব অনুষ্ঠিত
22 Oct 2023 - Articles, Bangla Articles, CIRT In Media, News, News Clipping

WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes
25 Oct 2022 - News, News Clipping
সাইবার-নিরাপত্তা-সূচকে-এগিয়েছে-বাংলাদেশ
30 Jun 2021 - CIRT In Media, News Clipping