UC Browser for Android Vulnerable to URL Spoofing Attacks

[Mohammad.Poorya]

The latest versions of UC Browser and UC Browser Mini Android apps with a total of over 600 million installs expose their users to URL spoofing attacks as explained by security researcher Arif Khan who found the flaw and reported it to the apps' security team.

URL spoofing attacks are based on the attackers' capability to change the URL displayed in the address bar of a web browser to trick their targets into thinking that the loaded website is controlled by a trusted party. However, as is the case with the address bar spoofing vulnerability discovered by Khan in the UC Browser apps for Android, the site is actually controlled by the malicious actors behind the attack.

Redirecting unaware targets to domains they control and camouflaging them as high-profile websites allows potential attackers to steal their victims' information using phishing landing pages or to drop malware on their computers via malvertising campaigns.

Source... https://www.bleepingcomputer.com/news/se...g-attacks/