Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

Universe Browser makes some big promises to its potential users. Its online ads claim that it is the “fastest browser,” that people using it will “avoid privacy leaks,” and that the software will help “keep you out of danger.” However, it is likely that all is not as it seems.
The browser, which is linked to Chinese online gambling sites and is believed to have been downloaded millions of times, actually routes all its internet traffic through servers in China and “secretly installs various programs that run silently in the background,” according to new results from network security company Infoblox. Researchers say the “hidden” elements include features similar to malware, including “keylogging, stealth connections,” and changing a device’s network connections.
Perhaps most importantly, Infoblox researchers who collaborated with the United Nations Office on Drugs and Crime (UNODC) in the work found links between the browser's operation and Southeast Asia's sprawling, multi-billion dollar cybercrime ecosystem, which has links to money laundering, illegal online gambling, human trafficking, and frauds that use forced labor. Researchers say the browser itself is directly linked to a network around major online gambling company BBIN, which the researchers described as a threat group they called Vault Viper.
The discovery of the browser, combined with its suspicious and dangerous behavior, suggests that criminals in the region are becoming increasingly sophisticated, researchers say. “These criminal groups, especially Chinese organized crime gangs, are increasingly diversifying and evolving into cyber fraud, pig slaughter, impersonation, fraud, that whole ecosystem,” says John Wojcik, a senior threat researcher at Infoblox, who also worked on the project while at UNODC.
“They will continue to double down, reinvest profits, and develop new capabilities,” Wojcik says. “The threat is ultimately becoming more serious and worrying, and this is one example of where we see that.”
Universe Browser was first spotted, and mentioned by name, by Infoblox and the United Nations Office on Drugs and Crime at the beginning of this year, when they began dismantling digital systems around an online casino operation based in Cambodia, which had previously been raided by law enforcement officials. Infoblox, which specializes in Domain Name System (DNS) management and security, discovered a unique DNS fingerprint from those systems that it linked to Vault Viper, allowing researchers to track and map websites and infrastructure associated with the group.
Tens of thousands of web domains, as well as various command and control infrastructure and registered companies, are linked to Vault Viper activity, Infoblox researchers say in a report shared with WIRED. They also say they examined hundreds of pages of company documents, legal records and court filings that have links to BBIN or other affiliates. Time and time again, they came across Universe Browser online.
“We have not seen an advertisement for Universe Browser outside of the domains controlled by Vault Viper,” says Maël Le Touz, threat researcher at Infoblox. The Infoblox report says the browser is “specifically” designed to help people in Asia — where online gambling is largely illegal — bypass restrictions. “It seems like every casino site they run has a link and an ad for it,” says Le Touz.