New Android hack steals Uber credentials, covers its tracks
Security researchers find malware that uses ‘deep links’ to Uber app to fool users
Android users have been warned to be on their guard after new malware that steals Uber credentials was uncovered.
Symantec published research on a variant of the Android.Fakeapp malware that covers its tracks by using deep links within the Uber app to make it look legitimate.
The software works by spoofing Uber’s user interface and tricking the user into entering their login details. Once that happens, the information is sent to a remote server.
But to allay any suspicions, the Fakeapp malware uses a deep link - a URL that takes users to specific content within an app - to show the user’s current location on the Uber app, giving it the appearance of a genuine request.
“This case again demonstrates malware authors’ never-ending quest for finding new social engineering techniques to trick and steal from unwitting users,” Dinesh Venkatesan, a principal threat analysis engineer with Symantec, wrote in the company’s blog.
Ride-sharing service Uber has millions of users worldwide, although its service in Ireland is limited to licensed taxis and limousines. In July last year, it emerged the National Transport Authority had told Uber its ride-sharing model was not appropriate for Ireland, and the possibility of a pilot scheme in Limerick trialling the servcie with private cars was “undesirable” .
To minimise the risk of being hit by malware, Android users are advised to stick to official app stores for software, such as the Google Play store, and do not allow app downloads from untrusted sources on your device. However, that isn’t enough to protect you from all malware, as it can still sneak past Google’s defences. Android users should also keep an eye on an app’s rating and how long the app has been available, and check what permissions it is seeking for your device before installing it. Keeping software up to date can also help stop security threats. Finally, avoid clicking on unsolicited links in emails and other messages.