Millions of people have become victims of a FakeApp that is using new tricks to cheat Uber users around the world.
Security researchers from Symantec corporation have found parts of a new Android malware that is trying to steal passwords, credit card details and phone password of uber users before covering up its own tracks.
Hackers are using this malware, which is a variant of FakeApp as a trojan in android to display advertisements and collect sensitive information for all Uber users.
According to Symantec:
the malware uses the deep link URI of the legitimate app that starts the app’s Ride Request activity, with the current location of the victim preloaded as the pickup point.
when the user clicks the Next button the malware sends all data to the remote server and that’s what hackers need. The malware also tries to cover up the steal by displaying a screen of the legal app that shows the current location of the user, and that would not regularly arouse doubt because that’s what’s expected of the original app.
However, the Android malware appears in a fake way on the image of Uber user interface to frequently pop-up on a target’s device stealing users ID, passwords and credit card details also other web accounts if it has the same passwords.
Users are recommended to keep software up to date, download apps only from the official stores, and pay close attention to the permissions asked by apps.