Malicious Android software imitates Uber's layout to trick you into giving up your login details
Pablo Blazquez Dominguez / Getty
- A new variant of a long-running piece of Android malware now imitates parts of Uber's app to trick users into giving away their login credentials.
- Android Fakeapp malware poses as a legitimate app, then sniffs out your data and shows you ads for profit.
- Security firm Symantec described the Uber mimicry as a "novel monetisation technique."
- But as long as you stick to Android apps from Google's Play Store, you're pretty safe.
Long-running Android malware "Fakeapp" has a new tack to trick people into giving away confidential login information, by imitating Uber's user interface.
We first saw the news via Engadget.
Fakeapp is a trojan horse for Android which pretends to be a legitimate application and, when downloaded, also downloads additional files that sniff out your data and display you ads for profit.
According to Symantec, a new variant saw Fakeapp spoofing the layout of Uber's app. This would pop up on the user's screen periodically in an effort to get them to enter their confidential login details, such as their phone number and password.
Here's what it looks like:
The malware creators then got "creative" according to Symantec. Once you've entered your details, the malware deep links to a page from the legitimate Uber app - specifically the screen that shows your location and asks you where you want to go. Deep linking on mobile means linking to a specific bit of an app, rather than simply just launching the app.
As Symantec put it: "To show the said screen, the malware uses the deep link URI of the legitimate app that starts the app's Ride Request activity, with the current location of the victim preloaded as the pickup point.
"Deep links are URLs that take users directly to specific content in an app. Deep linking in Android is a way to identify a specific piece of content or functionality inside an app. It is much like a web URL, but for applications."
The risk of any of this affecting you is pretty low, especially if you stick to downloading apps from Google's Play Store, rather than a third-party app store. Both Symantec and McAfee classify Android FakeApp as low risk too.
An Uber spokesman told Engadget said the firm would probably spot unauthorised logins: "Because this phishing technique requires consumers to first download a malicious app from outside the official Play store, we recommend only downloading apps from trusted sources. However, we want to protect our users even if they make an honest mistake and that's why we put a collection of security controls and systems in place to help detect and block unauthorized logins even if you accidentally give away your password."
Next Story
I quit McKinsey after 1.5 years. I was making over $200k but my mental health was shattered.
Some Tesla factory workers realized they were laid off when security scanned their badges and sent them back on shuttles, sources say
I tutor the children of some of Dubai's richest people. One of them paid me $3,000 to do his homework.
Move over Bollywood, audio shows are starting to enter the coveted ‘100 Crores Club’
10 Powerful foods for lowering bad cholesterol
Eat Well, live well: 10 Potassium-rich foods to maintain healthy blood pressure
Bitcoin scam case: ED attaches assets worth over Rs 97 cr of Raj Kundra, Shilpa Shetty
IREDA's GIFT City branch to give special foreign currency loans for green projects
