
The Universe Browser makes some big promises to its potential users. The online advertisements claim that it is the “fastest browser”, that people who use it will “avoid privacy leaks” and that the software will help “keep you away from danger”. But not everything may be as it seems.
The browser, which is linked to Chinese online gambling websites and is believed to have been downloaded millions of times, actually routes all Internet traffic through servers in China and “covertly installs various programs that run silently in the background,” according to new findings from network security firm Infoblox. The researchers say the “hidden” elements include malware-like features such as “key logging, stealth connections” and changes to a device's network connections.
Perhaps most importantly, the Infoblox researchers working with the United Nations Office on Drugs and Crime (UNODC) found links between the browser's operation and Southeast Asia's vast, multibillion-dollar cybercrime ecosystem, which is tied to money laundering, illegal online gambling, human trafficking and scam operations using forced labor. The browser itself, the researchers say, is directly linked to a network surrounding the major online gambling company BBIN, which the researchers have labeled a threat group they call Vault Viper.
The researchers say the discovery of the browser – plus its suspicious and risky behavior – indicates that criminals in the region are becoming increasingly sophisticated. “These criminal groups, especially the Chinese organized crime syndicates, are increasingly diversifying and moving into cyber fraud, pig slaughter, impersonation, scams, that whole ecosystem,” said John Wojcik, a senior threat researcher at Infoblox, who also worked on the project when he was a staff member at UNODC.
“They will continue to double down, reinvest profits and develop new capabilities,” Wojcik says. “The threat is ultimately becoming more serious and worrying, and this is an example of where we see that.”