This Android Malware Copies Uber’s UI to Steal Your Data

You cannot be too careful these days when it comes to the security of your devices. Latest news involves Uber and your log in details for the ride hailing app. Cyber security firm ‘Symantec’ conducted a research where they identified a malicious software that can steal your Uber user ID and password.

How Does it Happen?

The fake app steals Uber ID and passwords by causing a fake Uber app interface to repeatedly pop-up on the user’s display. The fake interface looks exactly the Uber’s.

It prompts the user to enter their ID and password, it even takes up the whole screen so that the user has no option other than entering their login details.

It doesn’t stop here, to give you a sense of security and prevent any suspicions, the fake app even links itself to the real Uber app. Once you have entered your credentials, it takes you to the real Uber app and shows your current location and near-by rides and all. It does so by linking itself to a app-URL for the Uber app.

After you enter the ID and password, the fake software sends your credential’s to the hackers’ server. Now it is up to hackers to use your data any way they want. Hackers can sell the users’ data to other hackers on black market and even use it to steal your other accounts since most people have the same account details across multiple online services.

How to avoid it?

Symantec did provide some tips on how to prevent these malware apps from stealing your data. Though the advice is pretty basic, it could prove handy. Symantec advises users;

  • To keep the software and app updated to latest version.
  • To install and download apps from verified and trusted sources only.

Upon request Uber did comment on the situation, a spokesperson said;

Because this phishing technique requires consumers to first download a malicious app from outside the official Play store, we recommend only downloading apps from trusted sources. However, we want to protect our users even if they make an honest mistake and that’s why we put a collection of security controls and systems in place to help detect and block unauthorized logins even if you accidentally give away your password.

Via: Engadget