Researchers at Symantec, most known for its Norton product line, have discovered malware that spoofs Uber’s Android app. The malware gets a hold of users’ passwords, allowing the attackers to take over their accounts.
To be able to steal a user’s login information, the malware prompts the user to enter their Uber username and password by popping up on the screen consistently. If the user does enter their information, it is harvested by the attacker. What makes it particularly malicious is that the malware uses deep links to Uber’s legitimate app and displays the user’s current location, making it look like the user is accessing the real Uber app.
Symantec analysis engineer Dinesh Venkatesan wrote about the malware in a statement on the official Symantec website:
“To avoid alarming the user, the malware displays a screen of the legitimate app that shows the user’s current location, which would not normally arouse suspicion because that’s what’s expected of the actual app. This case again demonstrates malware authors’ neverending quest for finding new social engineering techniques to trick and steal from unwitting users.”
The silver lining is that the malware is not available in the Google Play store so users would have had to download it from another source. Also, the fake app is not anticipated to be distributed on a wider scale, but do be careful with apps from untrustworthy sources!