Versions of Baidu Web Browser Pilfering Data & Acting as Infostealer Virus

The Baidu web browser application is a clone of Google Chrome. Like Google Chrome, it uses its own company's search engine, the Baidu site, which is the Chinese version of the leading internet search engine site. Fundamentally, you can think of Baidu as a Chinese version of Google.

According to recent findings by Citizen Lab researchers, the Baidu web browser is engaging in questionable activities, stealing data just like an Infostealer Virus. Infostealers are threats categorized as complex malware infections that aim at taking information from a compromised computer. You can think of Infostealer threats as computer viruses that seek out data stored on an infected and compromised computer and later send the stolen data to a remote attacker, who can use it in any way they see fit.

In recent tests, the Baidu browser on Windows desktop PCs is collecting data about the user's web browsing history, CPU model, hard drive model, hard drive serial number, MAC address, and the system volume number. The Baidu browser found on Android devices performs similar functions, collecting data about the operating system, browsing history, search term history, local MAC address, nearby wireless networks, and the latest GPS coordinates.

Upon startup of a device running the latest version of the Baidu browser affected by its Infostealer Virus abilities, the browser will automatically start collecting data. All text typed into the URL field or a field on any web page is collected and sent through encrypted or unencrypted connections to a Baidu home server.

The invasion of privacy through the use of the Baidu browser is unacceptable. However, security experts are confident that the root cause of Baidu acting like an Infostealer Virus is not at the hands of its developers. This behavior has been traced to an SDK (software development kit). Researchers have identified the issue as coming from a common SDK used for both Android and Windows in offering Baidu to computer users. Therein lies the problem with Baidu being an Infostealer. When Baidu checks for and downloads updates, a MitM (Man-in-the-Middle) attack is taking place, allowing an attacker to send malicious files to the computer user's updated Baidu web browser application.

After the discovery of Baidu exhibiting Infostealer Virus behavior, Baidu was informed of the issue and answered a list of questions regarding the recent behavior of the browser. The company then started rolling out Baidu updates for both Android and Windows versions on February 14, 2016. However, countless versions of Baidu with Infostealer Virus abilities are still active and are expected to keep causing potential privacy issues for those users.

Users of Baidu, no matter the version, are urged to perform updates and ensure they are running the most recent version for both Android and Windows.