Symantec researchers have discovered Android malware that spoofs Uber’s Android app and collects users’ passwords, which allows attackers to take control of the affected users’ accounts. Even though this malware is not widespread yet, and most Uber users are not affected, it is not something to be taken lightly.
The Android malware pops up on the infected device’s screen at regular intervals and prompts the user to key in their Uber username and password. Once the user falls for the trick and enters their credentials, they are collected by the attackers for malevolent purposes.
According to Symantec, this malware makes use of deep links to Uber’s legitimate app to display the user’s current location, which makes it look as though the user is accessing the Uber app when in reality it is the malicious software. A deep link takes the user to particular content within an app; it is like clicking on a link that takes you to a website’s subpage instead of its home page. In Uber’s case, security researchers from Symantec found that the attackers were using deep links to locate a rider’s exact and actual location details from the Uber app.
Dinesh Venkatesan, a threat analysis engineer from Symantec, said in a statement, “To avoid alarming the user, the malware displays a screen of the legitimate app that shows the user’s current location, which would not normally arouse suspicion because that’s what’s expected of the actual app. This case again demonstrates malware authors’ neverending quest for finding new social engineering techniques to trick and steal from unwitting users.”
The good news is that most Uber users are not really at risk from this malware. Although the malware tries to make itself look like the legitimate Uber app, it is not available in the Google Play Store, and users will only get infected if they download the Uber app from a third-party source.
According to a spokesperson from Symantec, users in Russian-speaking countries are the most likely to be at risk, though only in limited numbers. “Users are likely in Russian-speaking countries in limited number. We don’t anticipate such an app to be in wide-scale distribution,” the Symantec spokesperson stated.
Because of this malware discovery, users have been reminded yet again of the risk in downloading apps from third parties and unknown sources. Just to be on the safe side, it would be better if users stick to the Google Play Store: even though the Play Store is not one hundred percent safe, it is still a better choice compared to third-party download sources.
A spokesperson from Uber said, “because this phishing technique requires consumers to first download a malicious app from outside the official Play store, we recommend only downloading apps from trusted sources. However, we want to protect our users even if they make an honest mistake and that’s why we put a collection of security controls and systems in place to help detect and block unauthorized logins even if you accidentally give away your password.”