Maxthon browser forwards data to server in China without permission


Researchers from the Polish security firm Exatel and Fidelis Cybersecurity from the US have discovered that the Maxthon browser developed in China regularly sends sensitive information to a server in the Chinese capital Beijing, even if users do not want it.

The information is sent in a file named ueipdata.zip, which contains an encrypted file called.txt. The researchers recovered the file’s security key and found that the file stores information about the operating system, the CPU, the status of any adblocker, the addresses of all websites visited, including all online searches, and the installed applications with version numbers.

The data collected in the ueipdata.zip file is not necessarily stored without the user’s knowledge. While installing the Maxthon browser, the software asks if the user wants to participate in the User Experience Improvement Program or UEIP. According to the description of the program, it is voluntary and completely anonymous.

If the User Experience Improvement Program box is not checked, the browser appears to create the ueipdata.zip file anyway. On the Maxthon forum, a moderator for the browser maker states that if the UEIP box is not checked, only ‘basic information’ will be collected. This is not the case, the researchers found.

According to CSO Justin Harvey of Fidelis Cybersecurity, the information that is sent back is sufficient to carry out a targeted attack. It’s “all you want for a recon to learn what to attack,” Harvey told Threat Geek. The research is available from Exatel.
