Latest Android malware steals personal information impersonating as Uber app

Ola, Uber drivers set to strike

Data breach via mobiles and computers have become a major concern these days. Despite brainstorming by software developers, hackers are crooked enough to hack their way into the cyber world for their own benefits. Recently Android has been affected by a malware which impersonates itself as Uber stealing personal information of the user.

The people at Norton came across a sample while analysing the most recent Android. This Fakeapp variant had a spoofed UBER application user interface (UI) which pops up on the user’s device screen in regular intervals until the user gets tricked into entering their UBER ID (typically the registered phone number) and password.

Once the user clicks the Next button (->), the malware sends the user ID and password to its remote server. To prevent any doubt, the malware tries to cover up the heist by displaying a screen of the legitimate app that shows the user’s current location. This wouldn’t normally arouse suspicion because that’s what’s expected of the actual app.

However, Symantec says that the creators of the Fakeapp variant focused on small details to mask their malware. They used the deep link URI of the legitimate app that starts the app’s Ride Request activity, with the current location of the victim preloaded as the pickup point. Deep links are URLs that take users directly to specific content in an app. Deep linking in Android is a way to identify a specific piece of content or functionality inside an app. It is much like a web URL, but for applications. Therefore, the user is tricked into giving out his ID and password without even considering the fact that they are being spoofed.