Spoof URLs on UC Browser for Android

  • CERT Admin
  • Thu May 09 2019
  • Alerts

Systems Affected 

UC Browser version 12.11.2.1184 and UC Browser Mini version 12.10.1.1192

Threat Level

High

Overview 

An attacker could easily trick Android users of UC Browser into thinking that they are visiting a trusted site when they are actually being served malicious or phishing content.

Description 

URL spoofing attacks rely on the attacker's ability to change the URL displayed in the address bar of a web browser, tricking users into thinking they have loaded a genuine, trusted website or web service.

As the researchers mentioned, UC Browser and UC Browser Mini make it possible for attackers to present their phishing domain as the targeted site. For example, the domain blogspot.com can pretend to be facebook.com by simply making a user visit www[.]google[.]com[.]blogspot.com[/?q=]www.facebook.com
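
The check below is an added example, not part of the original advisory: it parses the link from the description with the standard URL parser to show which host actually serves the page, and flags the two traits that link has (a query value naming another site, and a host carrying another domain as its leading labels). The function names, the two-label "site" heuristic, the assumed http scheme and the short TLD list are assumptions made for illustration.

```javascript
// Added example, not from the advisory. Assumption: a "site" is approximated by
// the last two host labels; real code should consult the Public Suffix List.
const siteOf = (host) => host.toLowerCase().split(".").slice(-2).join(".");

// Undo advisory-style defanging ("[.]", "[/?q=]") and add a scheme if missing (assumed http).
function refang(text) {
  const plain = text.replace(/[\[\]]/g, "");
  return /^[a-z][a-z0-9+.-]*:\/\//i.test(plain) ? plain : "http://" + plain;
}

// A value that looks like a hostname, optionally with a scheme and a path.
const HOST_LIKE = /^(?:https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[\/:?#].*)?$/i;
const TLD_LIKE = new Set(["com", "net", "org"]); // constructed short list for the demo

function inspectLink(link) {
  const url = new URL(refang(link)); // WHATWG parsing: hostname is the server actually contacted
  const realHost = url.hostname;
  const realSite = siteOf(realHost);
  const findings = [];

  // 1. A query value naming a different site than the one serving the page.
  for (const [key, value] of url.searchParams) {
    const m = HOST_LIKE.exec(value.trim());
    if (m && siteOf(m[1]) !== realSite) {
      findings.push(`parameter "${key}" names ${m[1]} but the page comes from ${realHost}`);
    }
  }

  // 2. A host that carries another complete-looking domain as its leading labels.
  const prefix = realHost.split(".").slice(0, -2);
  if (prefix.length >= 2 && TLD_LIKE.has(prefix[prefix.length - 1])) {
    findings.push(`host embeds ${prefix.join(".")} ahead of the real site ${realSite}`);
  }
  return { realHost, realSite, suspicious: findings.length > 0, findings };
}

// Samples: the advisory's defanged link as printed, and a constructed ordinary search link.
const SAMPLES = [
  "www[.]google[.]com[.]blogspot.com[/?q=]www.facebook.com",
  "https://www.example.org/search?q=url+spoofing",
];
for (const s of SAMPLES) console.log(s, "->", JSON.stringify(inspectLink(s)));
```

Both checks are heuristics: a search for a dotted term can trip the first one, so treat a finding as a reason to look at the real host rather than as a verdict.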

Impact 

  ✦  Stealing sensitive information from the tricked user
  ✦  Distributing malware

Solution/ Workarounds 

  ✻  Update to the latest version of Mozilla's Firefox on Windows, Linux and Mac.

References 

  ✦  https://thehackernews.com/2019/05/uc-browser-url-spoofing.html
  ✦  https://www.bleepingcomputer.com/news/security/uc-browser-for-android-vulnerable-to-url-spoofing-attacks/

Disclaimer 

The information provided herein is on "as is" basis, without warranty of any kind.
 

Last updated: Thu May 09 2019