
A browser boasting impeccable safety for all its users has been revealed to have countless security concerns. The browser in question is known as the Universe Browser. The security issues were uncovered through a joint investigation by Infoblox Threat Intel, in collaboration with the United Nations Office on Drugs and Crime (UNODC) Regional Office for Southeast Asia and the Pacific, which examined illegal online gambling and fraud platforms operated by criminal networks based in Cambodia.
The browser
The Universe Browser is advertised as “privacy-friendly,” and its marketing claims that it’s the fastest browser and that it will “keep you away from danger.” These are appealing claims for anyone wanting to stay safe online.
But the browser has a particular target audience. The only place the browser is advertised is on Asian online gambling websites. These sites are usually run by BBIN, also known as the Baoying Group, a major online gambling company that calls itself the leading supplier of iGaming software in Asia.
The browser is available in versions for various devices, including Windows and Android. While it isn’t available on Google Play, the app can be found in Apple’s App Store.
The browser’s risks
The Universe Browser is specifically designed for those in Asian countries where online gambling is restricted, allowing them to gamble without authorities catching on. So, targets may download it without considering the potential consequences and safety concerns.
One major concern is that the browser routes all connections through servers in China. It also secretly installs several programs that run silently in the background, has keylogging capabilities, and can modify a device’s network configurations. Once installed on the victim’s device, it tries to evade detection by antivirus tools and installs a browser extension that allows it to upload screenshots to domains linked in the browser. When the browser is in use, it determines the user’s location and language and checks whether it is running in a virtual machine.
These features are concerning because Chinese online gambling platforms have seen a rise in remote access trojans (RATs) and other malware being distributed. They also reflect a growing sophistication in these criminal networks, with the Universe Browser having the potential to identify wealthy players and gain access to their devices.
Who’s behind it
The investigation found that the Baoying Group, the company behind the browser, has ties to one of Asia’s most prolific criminal organizations, the Suncity Group. Infoblox refers to this group as Vault Viper, building on their past discoveries related to threat actors and criminals involved in cyber fraud, online money laundering, human trafficking, and scam operations that use forced labor.
To learn more about the browser and the robust criminal networks responsible, refer to the original report.

Cora is a digital copywriter for SSLs.com. Having eight years of experience in online content creation, she is a versatile writer with an interest in a wide variety of topics, ranging from technology to marketing.