UC Browser for Android Vulnerable to URL Spoofing Attacks (May 8, 2019)
Security researcher Arif Khan has uncovered a vulnerability in the UC Browser and UC Browser Mini video downloader apps for Android. The disclosure, made April 30, details a vulnerability that exposes users to spoofing attacks by sending them to domains controlled by attackers. Users could be at risk of having their information stolen or receiving malware. Khan has reported the vulnerability to the UCWeb security team, which currently has the report marked as “Ignored”.
Recommendation: Always practice Defense in Depth (do not rely on a single security mechanism; security measures should be layered, redundant, and failsafe).