A browsing app for Android devices, Web Explorer – Fast Internet, left open its Firebase instance, exposing app and user data, the Cybernews research team has discovered.
Firebase is a mobile application development platform that offers many features, including analytics, hosting, and real-time cloud storage.
Web Explorer – Fast Internet is a browsing app with over five million downloads on the Google Play store. It claims to increase browsing speed by 30% and has an average user rating of 4.4 out of five stars across more than 58,000 reviews.
According to the team, the open Firebase instance contained days’ worth of redirect data, organized by user ID. This included country, redirect initiating address, redirect destination address, and user country.
“If threat actors could de-anonymize the app’s users, they would be able to check a bunch of information on browsing history for a specific user and use it for extortion,” Cybernews researchers said.
However, getting their hands on the data that Web Explorer – Fast Internet left exposed would not be enough by itself. A threat actor would also have to seek out where app developers store additional user data. That said, cross-referencing the leaked data with additional details could amplify any damage done to the app’s users.
The new findings illustrate the threat actor’s continued abuse of Internet Explorer flaws such as CVE-2020-1380 and CVE-2021-26411 to drop backdoors like BLUELIGHT and Dolphin, the latter of which was disclosed by Slovak cybersecurity firm ESET late last month.
Another key tool in its arsenal is RokRat, a Windows-based remote access trojan that comes with a wide range of functions that allow it to capture screenshots, log keystrokes, and even harvest Bluetooth device information.