Android Malware Steals Uber Logins, Then Covers it Up

Written by

Symantec has discovered Android malware that steals Uber credentials and covers it up with the use of deep links.

As explained in a blog post on the firm’s website, the Android.Fakeapp variant uses a spoofed Uber app interface that pops up on the users screen at regular intervals to trick them into entering their Uber ID and password. Once they do and click Next the credentials are sent to a remote server.

To make the heist seem legitimate and avoid alarming the victim, the malware then uses the deep link URI of the real app to display a screen which shows the user’s location, something that would be expected when using Uber and is unlikely to raise suspicion.

In terms of mitigation, Symantec advised users to follow these best practices:

  • Keep your software up to date
  • Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources
  • Pay close attention to the permissions requested by apps
  • Install a suitable mobile security app, such as Norton, to protect your device and data
  • Make frequent backups of important data

Nick Shaw, EMEA vice-president and general manager at Norton by Symantec, added that users should think before they click: “Unsolicited communications may not be what they seem so use caution with any link delivered to you and always read the message first. Go directly to the website instead of clicking a link supplied.”

What’s hot on Infosecurity Magazine?