
Cybercriminals Behind “Universe Browser”: A Fake Privacy App Spying on Users and Linked to Chinese Crime Syndicates

With online privacy nearly impossible to maintain due to widespread web tracking and advertising, many users are turning to browsers that promise anonymity and data protection—such as Brave, DuckDuckGo, Mullvad, and Tor. However, cybersecurity experts have now identified one so-called “privacy browser” that is doing the exact opposite. The Universe Browser, which has been downloaded millions of times, is allegedly designed by cybercriminals to harvest user data instead of protecting it.

According to a recent Infoblox report prepared in collaboration with the United Nations Office on Drugs and Crime (UNODC), Universe Browser targets users in China and promotes itself as a secure way to bypass online censorship and access gambling websites. But beneath its seemingly protective exterior, the browser is tracking user locations, rerouting traffic through Chinese servers, installing keyloggers, and tampering with network configurations.

“These features are consistent with remote access trojans (RATs) and other malware increasingly being distributed through Chinese online gambling platforms,” says Infoblox. While the report does not directly accuse the developers of criminal activity, it notes that the browser’s operations align closely with cybercrime tactics like identity theft, blackmail, and targeted Trojan attacks.

Built on Chromium, the open-source framework underlying Google Chrome, Universe Browser has been heavily marketed to clients of the Baoying Group—a network linked to Triad-affiliated criminal organizations referred to by researchers as “Vault Viper.” These groups are allegedly involved in illegal gambling, cyber fraud, money laundering, and even human trafficking.

Once installed, the malicious browser injects harmful code, evades antivirus scans, and monitors system data, including the clipboard. On Windows systems, it can even replace the original Chrome executable file, embedding itself deeply within the operating system. Users lose control of most browser settings, while a built-in extension can capture screenshots and upload them to remote servers.

Researchers found that encrypted user data from the browser is being transmitted to servers tied to Vault Viper. The app appears to be custom-developed for the Baoying Group, promoted exclusively on their gambling-related websites, and primarily targets users in China and Taiwan, where online betting is banned.

Universe Browser is also available on the iOS App Store and as a sideloaded Android app, though it remains unclear whether these mobile versions exhibit the same degree of malicious behavior as the Windows release. Still, experts warn that the safest move is to avoid the browser entirely.