Be Wary: This new Android malware that poses as Uber to steal passwords

Be Wary: This new Android malware that poses as Uber to steal passwords

They said it not only uses an overlay attack – mirroring real software in an attempt to dupe victims into revealing data – but also tries to cover up the heist.

"To avoid alarming the user, the malware displays a screen of the legitimate app that shows the user's current location, which would not normally arouse suspicion because that's what's expected of the actual app," explained Symantec threat expert DineshVenkatesan.

"This is where creators of this Fakeapp variant got creative," he continued. "To show the said screen, the malware uses the deep link URL of the legitimate app that starts the app's Ride Request activity, with the current location of the victim preloaded as the pickup point."

By exploiting the services of the real app, hackers have a better chance of staying hidden on a device. Meanwhile behind the scenes, stolen credentials are being sent to an external server.

Advertisement 
10% Off at Maclocks.com CODE:LL10

Alongside passwords, one aim of the software – which is circulating on third-party markets – is to steal credit card details, which are often entered into mobile applications. According to Venkatesan, the FakeAppmalware should now be "of particular concern to Uber users"/

In an email to The Daily Beast, an Uber spokesperson said: "We recommend only downloading apps from trusted sources." The public relations contact said that systems were already in place to help users "detect and block" unauthorised login attempts using hijacked passwords.

There is currently no evidence the variant has made its way to the official Google app store, meaning that the total number of infections is likely to remain relatively low at this time.

"This case again demonstrates malware authors' neverending quest for finding new social engineering techniques to trick and steal from unwitting users," Venkatesan wrote. Symantec said there are a number of steps Android users can take to stay protected:

  • Keep software up to date
  • Refrain from downloading apps from unfamiliar sites
  • Pay close attention to the permissions requested by apps
  • Make frequent backups of important data

On the dark web, an underground internet which is used by hackers to sell stolen credentials, login details are commonplace – and as a result, cheap. Single Uber accounts can cost as little as $1.

 

 

Share this post

Submit to DeliciousSubmit to DiggSubmit to FacebookSubmit to Google PlusSubmit to StumbleuponSubmit to TechnoratiSubmit to TwitterSubmit to LinkedIn

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

back to top

More Cyber News