Malicious Android software imitates Uber's layout to trick you into giving up your login details
Pablo Blazquez Dominguez / Getty
- A new variant of a long-running piece of Android malware now imitates parts of Uber's app to trick users into giving away their login credentials.
- Android Fakeapp malware poses as a legitimate app, then sniffs out your data and shows you ads for profit.
- Security firm Symantec described the Uber mimicry as a "novel monetisation technique."
- But as long as you stick to Android apps from Google's Play Store, you're pretty safe.
We first saw the news via Engadget.Advertisement
Long-running Android malware "Fakeapp" has a new tack to trick people into giving away confidential login information, by imitating Uber's user interface.
Fakeapp is a trojan horse for Android which pretends to be a legitimate application and, when downloaded, also downloads additional files that sniff out your data and display you ads for profit.
According to Symantec, a new variant saw Fakeapp spoofing the layout of Uber's app. This would pop up on the user's screen periodically in an effort to get them to enter their confidential login details, such as their phone number and password.Here's what it looks like:
"Deep links are URLs that take users directly to specific content in an app. Deep linking in Android is a way to identify a specific piece of content or functionality inside an app. It is much like a web URL, but for applications."
The risk of any of this affecting you is pretty low, especially if you stick to downloading apps from Google's Play Store, rather than a third-party app store. Both Symantec and McAfee classify Android FakeApp as low risk too.An Uber spokesman told Engadget said the firm would probably spot unauthorised logins: "Because this phishing technique requires consumers to first download a malicious app from outside the official Play store, we recommend only downloading apps from trusted sources. However, we want to protect our users even if they make an honest mistake and that's why we put a collection of security controls and systems in place to help detect and block unauthorized logins even if you accidentally give away your password."Advertisement
- ASHAs integral pillars of Rajasthan's COVID-19 response: Health ministry
- Delhi's COVID tally nears one lakh with 2,505 more cases
- Goa COVID-19 combat: Ministers to coordinate at taluka level
- Sunday lockdown: People stay indoors in Karnataka to check coronavirus spread
- TN records 4,150 new cases; 60 deaths due to COVID-19