Malware Mimics Uber Android App to Steal Passwords
As if all the trouble Uber has been through over the past year have not been enough, a new malware now specifically targets the users of the ride-hailing app. Uber users on Android are advised to watch out for a fake version of the app that mimics the Uber interface in order to steal their login credentials.
This malware is a version of FakeApp, now disguised by a fake Uber app overlay. FakeApp is a known Android malware app that has been hijacking phones to insert ads and steal information since 2012, according to ZDNet.
Symantec was one of the first groups to spot this fake app, which when installed, presents users with a convincing copy of the Uber app. Just like the real version, this app has fields which users can use to enter their phone number and Uber password.
Unlike the real Uber app, however, this fake version will send the information to another server, where it can be harvested for the benefit of identity thieves and scammers.
To stop users from panicking when the fake app does nothing, this fake Uber app goes one step further. It goes so far as to load a convincing version of a screen from the Uber app, the one that shows the map centered at the user's current location, as Engadget points out.
A representative from Uber warns users to only download trusted apps from the Google Play store, since this "phishing" app requires the user to download and install it in the first place in order for it to be able to work.
"However, we want to protect our users even if they make an honest mistake and that's why we put a collection of security controls and systems in place to help detect and block unauthorized logins even if you accidentally give away your password," the Uber spokesperson added.