Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Spoof URLs on UC Browser for android

 

Systems Affected


UC browser version 12.11.2.1184 and UC browser mini version 12.10.1.1192

Threat Level


High


Overview


Attacker could easily trick Android users who have using UC browser to think that they are visiting a trusted site but actually they are being served by a malicious or a phishing content.


Description


URL spoofing attacks are based on the attacker's ability to change the displayed URL in the address bar of a web browser and trick the users to think they are loaded with a genuine trusted website or web service.
As the researchers mentioned UC browser and UC browser mini make it possible for attackers to redirect attackers phishing domain as the targeted site, for an example, domain blogspot.com can pretend to be facebook.com by simply making a user visit www[.]google[.]com[.]blogspot.com[/?q=]www.facebook.com


Impact


  ✦  Stealing sensitive information from the tricked user
  ✦  Distributing malware


Solution/ Workarounds


  ✦  Avoid using UC browser and UC browser mini


References


  ✦  https://thehackernews.com/2019/05/uc-browser-url-spoofing.html
  ✦  https://www.bleepingcomputer.com/news/security/uc-browser-for-android-vulnerable-to-url-spoofing-attacks/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.