CATEGORIES
home News

Sneaky Android Malware Impersonates Uber Android App To Steal Your Login Credentials

by Paul LillyThursday, January 04, 2018, 11:37 AM EDT
Android Eyeball

Malware writes are a shifty bunch. If anyone needs further proof of that, Symantec has it, in the form of a warning over a new Android "Fakeapp" malware variant that spoofs Uber, the popular ridesharing service, to cover its tracks. While it may look innocent, the Fakeapp malware pulls its usual dirty tricks, including the theft of personal and sensitive information such as credit card details.

"The Fakeapp variant we found had a spoofed Uber application user interface (UI) which pops up on the user’s device screen in regular intervals until the user gets tricked into entering their Uber ID (typically the registered phone number) and password," Symantec explains.

After receiving the pop-up, Android users who fall for the ruse enter in their login details, which ten get sent to a remote server. To the user, it seems like they're simply logging into Uber. The malware reinforces this even after the fact by displaying a screen of the legitimate app complete with the user's current location. Symantec points out that this would not normally arouse suspicion because that's what Uber users expect to see when logging in.

Fake Uber Login Screens
Fake Uber login screens. (Source: Symantec)

"This is where creators of this Fakeapp variant got creative. To show the said screen, the malware uses the deep link URI of the legitimate app that starts the app’s Ride Request activity, with the current location of the victim preloaded as the pickup point," Symantec added.

Deep links consist of URLs that navigate users to a specific part of an app. It is like a web URL, but for an application. The Fakeapp variant that Symantec discovered takes advantage of deep linking to cover its tracks. It's an effective ploy, and this particular strain preys on millions of Uber users around the world.

The typical recommendations apply—Symantec's advice is to make sure your software is up to date, refrain from downloading apps from unfamiliar sites, pay close attention to the permissions that apps request, make frequent backups, and of course it pitches installing a mobile security app such as Norton.
Tags:  Android, security, Symantec, uber, (nasdaq:goog)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment