This ‘Privacy Browser’ Has Dangerous Hidden Features


The Universe Browser makes some large promises to its potential users. Its online advertisements declare it’s the “fastest browser,” that people using it will “avoid privacy leaks” and that the software will help “keep you away from danger.” However, everything likely isn’t as it seems.

The browser, which is linked to Chinese online gambling websites and is thought to have been downloaded millions of times, actually routes all internet traffic through servers in China and “covertly installs several programs that run silently in the background,” according to new findings from network security company Infoblox. The researchers say the “hidden” elements include features similar to malware—including “key logging, surreptitious connections,” and changing a device’s network connections.

Perhaps most significantly, the Infoblox researchers, who collaborated with the United Nations Office on Drugs and Crime (UNODC) on the work, found links between the browser’s operation and Southeast Asia’s sprawling, multibillion-dollar cybercrime ecosystem, which has connections to money-laundering, illegal online gambling, human trafficking, and scam operations that use forced labor. The browser itself, the researchers say, is directly linked to a network around major online gambling company BBIN, which the researchers have branded a threat group they call Vault Viper.

The researchers say the discovery of the browser—plus its suspicious and risky behavior—indicates that criminals in the region are becoming increasingly sophisticated. “These criminal groups, particularly Chinese organized crime syndicates, are increasingly diversifying and evolving into cyber enabled fraud, pig butchering, impersonation, scams, that whole ecosystem,” says John Wojcik, a senior threat researcher at Infoblox, who also worked on the project when he was a staff member at the UNODC.

“They’re going to continue to double down, reinvest profits, create new capabilities,” Wojcik says. “The threat is ultimately becoming more serious and concerning, and this is one example of where we see that.”

Under the Hood

The Universe Browser was first spotted—and mentioned by name—by Infoblox and UNODC at the start of this year when they began unpacking the digital systems around an online casino operation based in Cambodia, which was previously raided by law enforcement officials. Infoblox, which specializes in domain name system (DNS) management and security, detected a unique DNS fingerprint from those systems that they linked to Vault Viper, making it possible for the researchers to trace and map websites and infrastructure linked to the group.

Tens of thousands of web domains, plus various command-and-control infrastructure and registered companies, are linked to Vault Viper activity, Infoblox researchers say in a report shared with WIRED. They also say they examined hundreds of pages of corporate documents, legal records, and court filings with links to BBIN or other subsidiaries. Time and time again, they came across the Universe Browser online.

“We haven’t seen the Universe Browser advertised outside of the domains Vault Viper controls,” says Maël Le Touz, a threat researcher at Infoblox. The Infoblox report says the browser was “specifically” designed to help people in Asia—where online gambling is mostly illegal—bypass restrictions. “Each of the casino websites they run seem to contain a link and advertisement to it,” Le Touz says.