Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

Universe Browser makes some big promises to its potential users. Its online ads claim that it’s the “fastest browser,” that people using it will “avoid privacy leaks,” and that the software will help “keep you out of harm’s way.” However, perhaps all is not as it seems.
The browser, which is linked to Chinese online gambling websites and is believed to have been downloaded millions of times, actually routes all Internet traffic through servers in China and “secretly installs several programs that run silently in the background,” according to new research from the network security company Infoblox. Researchers say the “hidden” elements include malware-like features – including “key logging, secret connections” and changing a device’s network connection.
Perhaps most notably, Infoblox researchers who collaborated with the United Nations Office on Drugs and Crime (UNODC) found links between the operation of the browser and the multi-billion dollar cybercrime ecosystem spread across Southeast Asia, including money laundering, illegal online gambling, human trafficking and scam operations that use forced labor. The browser itself, the researchers say, is directly connected to a network surrounding major online gambling company BBIN, which the researchers identified as a threat group they call Vault Viper.
Researchers say the browser discovery — and its suspicious and risky behavior — indicates that criminals in the region are becoming increasingly sophisticated. “These criminal groups, particularly Chinese organized crime syndicates, are increasingly diversifying and evolving within that whole ecosystem of cyber-enabled fraud, hog killing, impersonation, scams,” said John Wojcik, a senior threat researcher at Infoblox, who worked on the project while a staff member at UNODC.
“They’re going to double down, reinvest profits, develop new capabilities,” Wojcik said. “The threat is ultimately becoming more serious and worrisome and this is an example of where we see it.”
The Universe Browser was first seen, and mentioned by name, by Infoblox and UNODC earlier this year when they began unpacking the digital systems around an online casino operation based in Cambodia, which was raided in the past by law enforcement agencies. Officials at Infoblox, which specializes in domain name system (DNS) management and security, identified a unique DNS fingerprint from the systems they linked to Vault Viper, making it possible for researchers to trace and map websites and infrastructure linked to the group.
Hundreds of thousands of web domains, as well as various command-and-control infrastructures and registered companies, are linked to Vault Viper activity, Infoblox researchers said in a report shared with WIRED. They also say they have examined hundreds of pages of corporate documents, legal records and court filings with links to BBIN or other subsidiaries. Again and again, they came across Universe Browser online.
“We have not seen Universe Browser advertise outside of the Vault Viper control domain,” said Maël Le Touz, threat researcher at Infoblox. Infoblox reports that the browser is “specifically” designed to help people in Asia—where online gambling is largely illegal—bypass restrictions. “Every one of the casino websites they operate seems to have a link and an ad,” Le Touz said.