‘Privacy Friendly’ Universe Browser Behaves Like Malware With Keylogging and Disabled Security Tools, Warn Researchers

The Universe Browser's features were reported to be consistent with remote access trojans (RATs) and other malware.

Written by Shaurya Tomer, Edited by Ketan Pratap | Updated: 24 October 2025 14:55 IST

Highlights
  • The browser reportedly routes traffic through servers located in China
  • It can log keystrokes, alter device settings, and block security tools
  • Report says it is linked to illegal gambling sites and cybercrime groups

Cybersecurity researchers have warned about a “privacy-friendly” web browser that can act as malware itself, according to a report. Dubbed the Universe Browser, it is said to have an install base in the millions and raises security concerns for users. The browser reportedly routes its connections through servers in China and quietly installs several programs that covertly run in the background. Researchers say its hidden elements include keylogging, changes to the network configurations of the device, and surreptitious connections.

Universe Browser and Its Threats

Cybersecurity firm Infoblox, in collaboration with the United Nations Office on Drugs and Crime (UNODC) Regional Office for Southeast Asia and the Pacific, shared the findings about the Universe Browser in a report.

As per the researchers, the web browser, advertised as “privacy-friendly”, has hidden features such as keylogging, which can record every keystroke that a user types on a keyboard. It is also claimed to have background activity that alters device settings and discreet connections to external servers. The Universe Browser can disable right-click menus, developer tools, and even key browser security protections.

The report states that, upon launch, the browser checks the user's location and language, and whether it is running in a virtual machine. It is also said to install two browser extensions, one of which can allow screenshots to be uploaded to domains linked to it.

All of these features, notably, were reported to be consistent with remote access trojans (RATs) and other malware, which is increasingly spreading via online gambling platforms based in China.

While it isn't available on the Google Play Store, researchers highlighted that the browser can be downloaded from casino websites for Windows and iOS devices. It is also available as an APK for sideloading onto Android devices.

The cybersecurity firm discovered that it was linked to a network of illegal gaming websites and cybercrime groups that operate in Cambodia, part of a multibillion-dollar cybercrime ecosystem in Southeast Asia. Several references to the Universe Browser were found in corporate documents, legal records, and court filings, including links to an online gambling company called BBIN and its subsidiaries.

Although researchers were unable to verify if the Universe Browser was used for malicious purposes, it reportedly has the potential to serve as a tool for identifying “wealthy players and obtain access to their machines.”

