The latest versions of UC Browser and UC Browser Mini Android apps expose their users to URL spoofing attacks. Attackers can change the URL displayed in the address bar of a web browser to trick their targets into thinking the loaded website is controlled by a trusted party. Unaware targets can be led to domains they control and camouflaging them as high-profile websites allowing potential attackers to steal their victims’ information using phishing landing pages or to drop malware on their computers via malvertising campaigns. UCWeb hasn’t yet issued a patch even though the issue was responsibly disclosed by a security researcher on April 30, 2019.
Source: https://www.bleepingcomputer.com/news/security/uc-browser-for-android-vulnerable-to-url-spoofing-attacks/