A browser promising privacy protection has been exposed as sophisticated malware with links to Asian cybercrime networks. The Universe Browser, downloaded millions of times, actually routes all traffic through Chinese servers while secretly installing keyloggers and other malicious software. Researchers from Infoblox and the UN Office on Drugs and Crime have traced the browser to major gambling company BBIN and Southeast Asia's multibillion-dollar cybercrime ecosystem.
The privacy browser market just got a major wake-up call. What millions of users thought was protecting their online activity was actually doing the exact opposite - harvesting their data and routing everything through Chinese servers.
The Universe Browser markets itself with bold promises: it claims to be the "fastest browser," one that helps users "avoid privacy leaks" and will "keep you away from danger." But Infoblox researchers working with the United Nations Office on Drugs and Crime have uncovered a far more sinister reality. The browser doesn't just fail to protect privacy - it actively undermines it through "covert installation of several programs that run silently in the background," according to their detailed investigation.
The hidden arsenal includes keyloggers that capture everything users type, screenshot tools that can upload images to external domains, and systems that immediately check a user's location and whether they're running security software. "The app also installs two browser extensions: one of which can allow screenshots to be uploaded to domains linked to the browser," the researchers revealed.
What makes this discovery particularly alarming is the browser's connection to Vault Viper, a threat group linked to major Asian gambling company BBIN. "We haven't seen the Universe Browser advertised outside of the domains Vault Viper controls," Maël Le Touz, a threat researcher at Infoblox, told investigators. The browser appears almost exclusively on Chinese-language gambling websites where online betting is illegal.
BBIN itself is "a multi-billion dollar gray-area international conglomerate with deep criminal connections," according to Jeremy Douglas, chief of staff at the UNODC. The company has legitimate-seeming partnerships with major European soccer teams like Atlético Madrid and Borussia Dortmund, but researchers say it's deeply embedded in Southeast Asia's sprawling cybercrime ecosystem.












