They said it not only uses an overlay attack – mirroring real software in an attempt to dupe victims into revealing data – but also tries to cover up the heist.
"To avoid alarming the user, the malware displays a screen of the legitimate app that shows the user's current location, which would not normally arouse suspicion because that's what's expected of the actual app," explained Symantec threat expert Dinesh Venkatesan.
"This is where creators of this Fakeapp variant got creative," he continued. "To show the said screen, the malware uses the deep link URL of the legitimate app that starts the app's Ride Request activity, with the current location of the victim preloaded as the pickup point."
By exploiting the services of the real app, hackers have a better chance of staying hidden on a device. Meanwhile, behind the scenes, stolen credentials are being sent to an external server.
Alongside passwords, one aim of the software – which is circulating on third-party markets – is to steal credit card details, which are often entered into mobile applications. According to Venkatesan, the FakeApp malware should now be "of particular concern to Uber users".
In an email to The Daily Beast, an Uber spokesperson said: "We recommend only downloading apps from trusted sources." The public relations contact said that systems were already in place to help users "detect and block" unauthorised login attempts using hijacked passwords.
There is currently no evidence the variant has made its way to the official Google app store, meaning that the total number of infections is likely to remain relatively low at this time.
"This case again demonstrates malware authors' neverending quest for finding new social engineering techniques to trick and steal from unwitting users," Venkatesan wrote. Symantec said there are a number of steps Android users can take to stay protected:
- Keep software up to date
- Refrain from downloading apps from unfamiliar sites
- Pay close attention to the permissions requested by apps
- Make frequent backups of important data
On the dark web, an underground internet which is used by hackers to sell stolen credentials, login details are commonplace – and as a result, cheap. Single Uber accounts can cost as little as $1.