Systems Affected
UC Browser version 12.11.2.1184 and UC Browser Mini version 12.10.1.1192
Threat Level
High
Overview
An attacker could easily trick Android users of UC Browser into thinking that they are visiting a trusted site when they are actually being served malicious or phishing content.
Description
URL spoofing attacks rely on the attacker's ability to change the URL displayed in a web browser's address bar, tricking users into thinking they have loaded a genuine, trusted website or web service.
As the researchers mentioned, UC Browser and UC Browser Mini make it possible for attackers to pass off their phishing domain as the targeted site. For example, the domain blogspot.com can pretend to be facebook.com by simply making a user visit www[.]google[.]com[.]blogspot.com[/?q=]www.facebook.com
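A triage check for the URL shape described above, as an added example that is not part of the advisory: it flags URLs whose real host embeds a TLD-like label and whose query string names a different host. The function names, the short TLD list and the sample domains are assumptions made for illustration.

```javascript
// Added example (not from the advisory). Sample domains are constructed.
const EMBEDDED_TLDS = new Set(["com", "net", "org"]); // assumed short list
const HOST_RE = /^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i;

// Undo advisory-style defanging such as "[.]" or "[/?q=]".
// This also strips IPv6 brackets, which is acceptable for defanged text.
function refang(text) {
  return text.replace(/\[([^\]]*)\]/g, "$1");
}

// Return the hostname carried in a query value (bare host or http(s) URL), else null.
function hostFromValue(value) {
  const v = value.trim();
  if (HOST_RE.test(v)) return v.toLowerCase();
  try {
    const u = new URL(v);
    return /^https?:$/.test(u.protocol) ? u.hostname.toLowerCase() : null;
  } catch {
    return null;
  }
}

// Inspect one URL taken from a proxy log, mail gateway or link scanner.
function inspectUrl(raw) {
  let text = refang(raw.trim());
  if (!/^[a-z][a-z0-9+.-]*:\/\//i.test(text)) text = "https://" + text;
  let url;
  try {
    url = new URL(text);
  } catch {
    return { valid: false, suspicious: false };
  }
  const realHost = url.hostname.toLowerCase();
  const labels = realHost.split(".");
  // Signal 1: a TLD-like label before the final label ("www.x.com.<other>.tld").
  const embeddedTld = labels.slice(0, -1).some((l) => EMBEDDED_TLDS.has(l));
  // Signal 2: a query value names a host that is not the one being contacted.
  const claimedHosts = [];
  for (const [param, value] of url.searchParams) {
    const host = hostFromValue(value);
    if (host && host !== realHost) claimedHosts.push({ param, host });
  }
  const suspicious = embeddedTld && claimedHosts.length > 0;
  return { valid: true, realHost, embeddedTld, claimedHosts, suspicious };
}

const sample = "www[.]search[.]com[.]hosting.example[/?q=]www.bank.example"; // constructed
console.log(inspectUrl(sample));
```

Legitimate redirect and search links often carry another hostname in a parameter, so `claimedHosts` alone is only context; `suspicious` requires both signals together.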
Impact
✦ Stealing sensitive information from the tricked user
✦ Distributing malware
Solution/ Workarounds
✻ Update to the latest version of Mozilla's Firefox on Windows, Linux and Mac.
References
✦ https://thehackernews.com/2019/05/uc-browser-url-spoofing.html
✦ https://www.bleepingcomputer.com/news/security/uc-browser-for-android-vulnerable-to-url-spoofing-attacks/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.