Baidu Browser Takes on Infostealer Behavior

Web-browser Baidu that's usable on Android and Windows displays activity such that it can be clearly described an infostealer for the reason it garners the user's information followed with transmitting the same onto its remote server. Softpedia.com posted this, February 24, 2016.

An imitation of Internet giant Google's web browser Chrome, Baidu Browser belongs to China where Baidu is an organization for Web search similar as Google. Moreover, Baidu Browser is an offshoot of the Chromium venture, similar as Google Chrome.

A report by Citizen Lab indicates that Baidu Browser in Android transmits an end-user's GPS coordinates as well as the end update time; keywords for online-search typed inside the browser's address bar; along with the web-addresses accessed, devoid of encryption. The Baidu further transmits the distinct IMEI number of the Android phone along with the local wireless networks as well as signal strengths and MAC addresses via one badly-enforced encryption process.

On Microsoft's Windows computers, the Baidu Browser sends the number model of hard drive; the MAC address from the network, the webpages' titles and URL along with the model number of CPU. The browser both gathers this information and transmits it during booting when the end-user begins entering matter inside his address bar, as well as within page view. As both Windows and Android versions of Baidu Browser misses on safeguarding software updates, it gives hackers the opportunity for running sinister operations.

However, it isn't only in China that Baidu could be stealing and exposing data. The Canadians are also scared since the software creation toolkit of Baidu Browser has been repurposed as well as used within numerous other applications that third-parties and Baidu developed, impacting probably an uncountable number of end-users.

Another problem with Baidu Browser is that although it downloads updates after checking them, it doesn't utilize code signatures. Doing this makes end-users vulnerable to man-in-the-middle assaults which let an attacker transmit malevolent matter to them masquerading as Baidu update.

Baidu has been notified about all the problems with the browser, The Company has begun dealing with them via issuing updates for Windows and Android versions 14th February 2016.

» SPAMfighter News - 3/2/2016