Uber users are at risk as an Android fake app mimicking the user interface of the real Uber app is trying to steal away login credentials. The new Android malware, however, is not widespread and most Uber users are not impacted.
How this new Android malware works
The new Android malware, first discovered by Symantec, keeps appearing on the screen and asks for the credentials such as the phone number and password of the user at regular intervals. Once the user enters the details, the malware sends it to the remote server. Thereafter, it is up to hackers how they want to use the captured information. They can either use it to compromise the accounts or simply sell it on the black market.
Back in 2015, hackers offered thousands of stolen accounts for $1 each before there was an oversupply of data, and the price fell to 40 cents per account, notes DailyBeast. The majority of these accounts were compromised because the user put the same password in for their Uber accounts as in the websites that were already hacked.
Breached accounts can also be used for other Uber related scams, such as when a hacker poses as the driver and customer both, and spoofing the company, or when running their own illegitimate network of Uber drivers.
The Android malware looks so real that it is almost impossible for a layman to segregate the fake from the real. The fake app even loads from the original Uber screen, showing the location of the user after pressing enter. It does this by deep linking to a URL in the real app that starts the Ride Request activity after tracking the pickup point, notes Engadget.
“Deep links are URLs that take users directly to specific content in an app,” says Symantec.
“To avoid alarming the user, the malware displays a screen of the legitimate app that shows the user’s current location, which would not normally arouse suspicion because that’s what’s expected of the actual app,” says Symantec threat analysis engineer Dinesh Venkatesan.
The latest malware showcases the hackers’ continuous quest to find new social engineering techniques to trick and steal from unsuspecting users, notes Venkatesan.
How to keep yourself safe
Since the malware has not hit the Google Play Store, only those who would be affected would be users who frequently download apps from some third-party sources.
“We don’t anticipate such an app to be in widescale distribution,” Symantec said.
Symantec suggests users download apps from trusted sources. Additionally, they should monitor the permissions that apps are requesting, and use the mobile security tools to safeguard their phones. Anywhere between 100 million and 500 million times, Uber for Android has been downloaded from the Google Play Store as per the statistics. This number will also include some users who were part of a breach involving approximately 57 million accounts, the details of which were offered by the company last year.
Just last month, the security firm Avast picked up on a similar malware. The malware masquerades as common Android apps such as Chrome and thousands of different banking apps, to take away the credentials.