Spoof URLs on UC Browser for android

  • CERT Admin
  • Thu May 09 2019
  • Alerts

Systems Affected 

UC browser version and UC browser mini version

Threat Level



Attacker could easily trick Android users who have using UC browser to think that they are visiting a trusted site but actually they are being served by a malicious or a phishing content.


URL spoofing attacks are based on the attacker's ability to change the displayed URL in the address bar of a web browser and trick the users to think they are loaded with a genuine trusted website or web service.

As the researchers mentioned UC browser and UC browser mini make it possible for attackers to  redirect attackers phishing domain as the targeted site, for an example, domain blogspot.com can pretend to be facebook.com by simply making a user visit www[.]google[.]com[.]blogspot.com[/?q=]www.facebook.com


  ✦  Stealing sensitive information from the tricked user
  ✦  Distributing malware

Solution/ Workarounds 

  ✻  Update the latest version of the Mozilla's Firefox on Windows, Linux and Mac.


  ✦  https://thehackernews.com/2019/05/uc-browser-url-spoofing.html
  ✦  https://www.bleepingcomputer.com/news/security/uc-browser-for-android-vulnerable-to-url-spoofing-attacks/


The information provided herein is on "as is" basis, without warranty of any kind.

Last updated: Thu May 09 2019