A recent report by cybersecurity researchers has issued a stark warning about a web browser that is marketed as “privacy-friendly” but, alarmingly, appears to operate as malware. Known as the Universe Browser, it is believed to have millions of installations and presents significant security risks to its users. The browser reportedly directs its network traffic through servers located in China and silently installs various programs that run discreetly in the background. Experts indicate that its hidden functionalities include keylogging capabilities, unauthorized alterations to device network settings, and clandestine connections to external entities.
Unmasking the Universe Browser’s Dangers
These concerning discoveries about the Universe Browser were unveiled in a collaborative report by the cybersecurity firm Infoblox and the United Nations Office on Drugs and Crime (UNODC) Regional Office for Southeast Asia and the Pacific.
Despite its “privacy-friendly” branding, the browser reportedly contains concealed features, including keylogging, which actively records every keystroke a user makes. It is also suspected of engaging in background activities that manipulate device settings and establish hidden connections to external servers. Furthermore, the Universe Browser has the ability to deactivate common browser functions like right-click menus, developer tools, and vital security protections.
Upon launch, the browser reportedly performs checks on the user’s location, language, and whether it’s operating within a virtual machine environment. Disturbingly, it also installs two browser extensions, with one capable of uploading screenshots to associated domains.
Significantly, researchers noted that all these identified features are consistent with the behavior of remote access trojans (RATs) and other malicious software, which are frequently disseminated through online gambling platforms operating out of China.
Although not found on official app marketplaces, the Universe Browser can be downloaded directly from various casino websites for Windows and iOS devices. An Android Package Kit (APK) is also available for sideloading onto Android phones.
Infoblox’s investigation revealed that the browser is associated with a network of illicit gaming websites and cybercrime organizations based in Cambodia, forming part of a vast, multibillion-dollar cybercrime ecosystem across Southeast Asia. Evidence of the Universe Browser’s connections, including links to an online gambling company named BBIN and its subsidiaries, was found in various corporate and legal documents.
While direct proof of the Universe Browser’s malicious intent couldn’t be definitively established by the researchers, they assert that it possesses the capability to act as a potent tool for identifying affluent individuals and gaining unauthorized access to their computer systems.