If UC Browser ads have recently popped up on your mobile phone, you may have experienced some sort of malicious activity after clicking on them. Most users of this browser may have had their personal data compromised.

According to a security analysis, the UC Browser and UC Browser Mini Android applications expose their 500+ million users worldwide to data attacks. Once installed on a device, the browser exposes its users to man-in-the-middle (MitM) attacks by downloading and installing extra modules while bypassing Google Play’s servers.

According to the Google support document on Google Play, Android apps “distributed via Google Play may not modify, replace, or update itself using any method other than Google Play’s update mechanism. Likewise, an app may not download executable code (e.g. dex, JAR, .so files) from a source other than Google Play”.

For anyone who downloads UC Browser or UC Browser Mini for Android, privacy and security are at risk. Security analysts warn that “Anyone who has installed this software may be in danger. Doctor Web has detected its hidden ability to download auxiliary components from the Internet”, as the browser “receives commands from the command and control server and downloads new libraries and modules, which add new features and can be used to update the software”.

How UC Browser facilitates MitM attacks

As of now, UC Browser and UC Browser Mini are not downloading and installing malicious code, but the China-based browser is fully capable of downloading and installing extra modules from its servers. This capability poses a serious threat to users.

According to Doctor Web’s research, “It’s impossible to be sure that cybercriminals will never get a hold of the browser developer’s servers or use the update feature to infect hundreds of millions of Android devices.”

The ability of UC Browser to download and install updates outside the official channel can be exploited to carry out man-in-the-middle (MitM) attacks. This can in turn leave affected devices under remote control.

The browser’s unencrypted communication with its server gives malicious actors ample room to slip their own content in among the update commands in transit.

These modules go unnoticed and are then launched on the devices, exposing them to cyber attacks. An experiment by Doctor Web’s security researchers demonstrates how the attack can be carried out using the browser’s capability to download and install unencrypted module updates.
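The behaviour described above, executable modules fetched over an unencrypted channel, can be looked for in traffic from a test device. The following is an added example, not code from Doctor Web or UCWeb: it flags responses that carry the file types named in the Google Play policy (dex, JAR, .so). The record layout, package names, hosts and paths are constructed for illustration, and it assumes the capture includes the first bytes of each response body.

```python
from urllib.parse import urlsplit

# File signatures for the executable formats named in the Google Play policy quote.
MAGIC = {
    b"\x7fELF": "native library (.so)",
    b"dex\n": "Dalvik bytecode (dex)",
    b"PK\x03\x04": "ZIP container (JAR/APK)",
}
EXEC_EXT = (".so", ".dex", ".jar", ".apk")

# Constructed sample records: (app package, URL, first bytes of response body in hex).
# Package names, hosts and paths are invented for this example.
SAMPLE_LOG = [
    ("com.example.browser", "http://updates.example.net/plugins/libdoc.so", "7f454c4602010100"),
    ("com.example.browser", "http://cdn.example.net/img/logo.png", "89504e470d0a1a0a"),
    ("com.example.browser", "http://updates.example.net/fetch?id=17", "6465780a30333500"),
    ("com.example.reader", "https://cdn.example.org/mod/extra.jar", "504b030414000000"),
]

def classify(url, body_hex):
    """Return (kind, cleartext) if the response carries executable code, else None."""
    parts = urlsplit(url)
    head = bytes.fromhex(body_hex)
    # Magic bytes catch code served from URLs with no telling extension.
    kind = next((name for sig, name in MAGIC.items() if head.startswith(sig)), None)
    if kind is None and parts.path.lower().endswith(EXEC_EXT):
        kind = "executable by file extension"
    if kind is None:
        return None
    return kind, parts.scheme == "http"

def find_code_downloads(records):
    """List downloads of executable code, cleartext (tamperable in transit) first."""
    hits = []
    for package, url, body_hex in records:
        result = classify(url, body_hex)
        if result:
            kind, cleartext = result
            severity = "HIGH" if cleartext else "REVIEW"
            hits.append((severity, package, url, kind))
    return sorted(hits)  # "HIGH" sorts before "REVIEW"

if __name__ == "__main__":
    for severity, package, url, kind in find_code_downloads(SAMPLE_LOG):
        print(f"{severity:6} {package} {url} -> {kind}")
```

A HIGH result means code arrived over plain HTTP, where anyone on the network path could have replaced it; REVIEW means the transfer was encrypted but the app still fetched code from outside the store's update mechanism.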

Further findings suggest that although UC Browser for both desktop and mobile is prone to the vulnerability, the “MiTM attack doesn’t work against the UC Browser Mini app because it doesn’t use the libpicsel library designed to work with MS Office documents and PDF files. However, it can also download and execute untested components, bypassing Google Play servers”.

So far UCWeb Inc., the creator of UC Browser and UC Browser Mini, has declined to respond to the reported vulnerabilities. The security vulnerability now leaves millions of users across the globe at risk of falling victim to malicious entities.