Security experts revealed that the Maxthon web browser collects sensitive information and sends it to a server in China.
Researchers at Fidelis Cybersecurity and Poland-based Exatel recently discovered that the Maxthon web browser has been sending detailed information about its users, such as their browsing history and other installed applications, to a server in Beijing, and that it is prone to man-in-the-middle (MitM) attacks.
The browser regularly sends a small encrypted ZIP file containing the user’s entire browsing history, including Google searches, queries and a complete list of software installed on the user’s computer, all without the prior authorization of the user, according to a recent report released by the firms. The system information sent includes the CPU, memory, ad blocker status and start page.
Using this information, attackers who obtained the user’s email could send a message that appears authentic because of its content and carries an attachment armed with a remote code execution exploit that could compromise the user’s device, the report said.
Moreover, the collected data could be analyzed to identify targets based on the URLs users browse and the applications on their devices, which can be cross-referenced with a vulnerability database to learn what sort of spear-phishing attacks would work against them, Fidelis Cybersecurity Chief Security Officer Justin Harvey told SCMagazine.com via emailed comments.
Researchers further said that the browser’s creators state on their website that it was built to ensure users’ security and privacy in light of the scandals over privacy violations by the American National Security Agency (NSA). Many users appear to be fond of the browser specifically because the creators don’t share data with the NSA.
The browser is available for all major platforms in more than 50 languages, and it is unclear how long Maxthon has been collecting this information.