Maxthon, your friendly spyware browser

[th3rEsa]

Well...

 

To sum up the above considerations: the Maxthon browser is not secure. It allows conducting the targeted attack on a selected user by revealing the browser authors the complete list of exact versions of programms, some of which may be vulnerable, also providing them with user’s browsing history and Google searches.

 

Beware.

[oldtimefighter]

I will need more than this random very poorly written "advisory" with few details. Why a PDF? The title is strange and not professional -->“I will be very surprised if this comes to light”

[Anibal P]

On 7/15/2016 at 8:37 AM, oldtimefighter said:

I will need more than this random very poorly written "advisory" with few details. Why a PDF? The title is strange and not professional -->“I will be very surprised if this comes to light”

This a better source?  This was one of quite a few that popped up with a simple google search for maxthon and spyware 

 

https://news.ycombinator.com/item?id=12094930

 

[oldtimefighter]

3 hours ago, Anibal P said:

This a better source?  This was one of quite a few that popped up with a simple google search for maxthon and spyware 

 

https://news.ycombinator.com/item?id=12094930

 

I don't use the Maxthon Browser so it's of little interest to me. I wonder when a English speaking security or tech site is going to pick up this "story". What I didn't know is Maxthon is a browser from a Chinese company based in Beijing. This is a surprise? LOL No one should be using software from a Chinese or Russian company (or hardware for that matter).

[xendrome]

Read random PDF on internet, BELIEVE IT... MUST.. SPREAD.. THE.. WORD... #!@#$@#!!!!!!!!!

 

I agree with the above, second of all I wouldn't click the PDF link in the OP.

[Jim K Global Moderator]

Just to add ...

 

From ThreatGeek ... which is a branch(?) off of Fidelis Cybersecurity 

 

Quote

One of our trusted partners from Poland, Exatel S.A., has discovered that a web browser developed by Maxthon, a company from China, has been collecting sensitive data from its users.  The Maxthon browser has anywhere from .75-1% of the global browser market, and has been estimated to be 2-3% of China’s own domestic browser market.  Total global user count is estimated to be in the hundreds of millions.

 

Using the Fidelis Network solution, Exatel found that there was a periodic upload of encrypted content to China from the Maxthon browser.  The uploaded content-type was purported to be “image/pjpeg”, but Fidelis had found that the filename was actually a zip and there was a dat.txt file included. 

 

/snip

 

I think that this discovery raises two very important points:

Companies, countries and users need to be aware of the potentially egregious data capture happening through installed applications and leaving their respective organizations (and endpoints). Organizations such as Citizenlab have also published similar discoveries but there is still relatively low awareness of these practices.

“Trust, but verify”: Often we’re installing software onto our endpoints at home and at work, but we’re not verifying that the code is doing what it is purported to do. Visibility into both the network and endpoints has become critical for organizations.

Exatel’s discovery is a great example of verifying and validating traffic.  We look forward to the opportunity to highlight more discoveries from our customers and partners.

They have a breakdown of the concerns here ....

http://www.threatgeek.com/2016/07/chinese-web-browsers-perfect-reconnaissance-tool.html

 

Regarding Fidelis Cybersecurity ... they are legit .... being acquired by General Dynamics in 2012 and later acquired by another firm.

 

I've heard of the Maxthon browser ... but have never used ... most certainly will not now.

 

[th3rEsa]

27 minutes ago, xendrome said:

Read random PDF on internet, BELIEVE IT... MUST.. SPREAD.. THE.. WORD... #!@#$@#!!!!!!!!!

Read xendrome on Neowin.

Bad idea,

[SharpGreen]

57 minutes ago, oldtimefighter said:

I don't use the Maxthon Browser so it's of little interest to me. I wonder when a English speaking security or tech site is going to pick up this "story". What I didn't know is Maxthon is a browser from a Chinese company based in Beijing. This is a surprise? LOL No one should be using software from a Chinese or Russian company (or hardware for that matter).

Then I guess its time to throw out your computer and your phone then, and any game consoles you have. They're all manufactured by chinese companies.

[goretsky Supervisor]

Hello,

This came pre-loaded on a notebook computer I purchased.  I had disabled its auto-start routines, but otherwise left it in place.  I did leave its update service running, though, and one day when I started my computer, Maxthon popped up after I logged in and showed me a page of celebrity news.

 

I uninstalled it after that, and notified the notebook manufacturer.  Apparently, they had already stopped distributing it in their pre-loads.

 

Regards,

Aryeh Goretsky

 

[oldtimefighter]

5 hours ago, SharpGreen said:

Then I guess its time to throw out your computer and your phone then, and any game consoles you have. They're all manufactured by chinese companies.

Well, you can only speak for your ###### and NOT mine... Maybe if you had been reading carefully you would have noticed I was speaking of Maxthon being software from a Chinese COMPANY which would also apply to hardware as in I am NOT specificity referring to where said hardware is made.

Edited July 18, 2016 by oldtimefighter

[exotoxic]

It's called Maxthon cloud browser, session data can be synced with multiple devices. It used to be pretty good back when it was MyIE2.