Introduction
At the end of March we reported on UC Browser's hidden ability to download and run unverified code. Today we will examine in detail how it happens and how hackers can use it.
Some time ago, UC Browser was promoted and distributed quite aggressively. It was installed on devices by malware, distributed via websites under the guise of video files (i.e., users thought they were downloading pornography or something, but instead were getting APK files with this browser), and advertised with worrisome banners claiming that the user’s browser was outdated or vulnerable. The official UC Browser VK group had a topic where users could complain about false advertising, and many users provided examples. In 2016, there was even a commercial in Russian (yes, a commercial for a browser that blocks commercials).
As we write this article, UC Browser has been installed 500,000,000 times from Google Play. This is impressive, since only Google Chrome has managed to top that. Among the reviews, you can see a lot of user complaints about advertising and about being redirected to other applications on Google Play. This was the reason for our study: we wanted to see if UC Browser is doing something wrong. And it is! The application is able to download and run executable code, which violates Google Play’s policy for app publishing. And UC Browser doesn’t only download executable code; it does this unsafely, which can be used for a MitM attack. Let's see if we can use it this way.