A popular web browser’s hidden ability poses a serious risk to more than 500 million Google Play users and their Android devices.
Malware analysts at Doctor Web recently observed that UC Browser, a web browser developed by the Alibaba-owned Chinese mobile Internet company UCWeb, can secretly download and execute new libraries and modules from third-party services. Such a function places UC Browser in violation of Google Play’s rules for software distributed in its app store. It also undermines the security of 500 million Google Play users who’ve downloaded the app in the past.
One of the biggest dangers here is that digital criminals could seize control of the browser developer’s servers and use its hidden feature to load trojans or other unwanted software. Digital attackers could also use the function to perform man-in-the-middle (MitM) attacks. As Doctor Web’s researchers explain in a blog post: