Researchers from cybersecurity firm Symantec have found a piece of malware that tries to steal a target’s Uber password, before covering up its own tracks.
According to that research, the Android malware causes a fake Uber user interface to repeatedly pop-up on a target’s device, taking up the whole screen, until the user enters their Uber ID and password. As with many other phishing campaigns, as soon as the victim provides their credentials, the malware sends those details off to the hacker’s remote server, Symantec said.
This Fakeapp variant doesn’t stop at presenting a copy of Uber’s log-in screen. To give you a false sense of security and to prevent you from becoming suspicious and changing your password too soon, it even loads a screen from the legitimate app that shows your location after you press enter. It apparently does that by deep linking to a URL in the real application that starts up Ride Request activity using your location as the pick-up point.
Symantec says this case “demonstrates malware authors’ neverending quest” to find new social engineering techniques to trick users. Its advice? The usual: make sure your software is updated, install reputable anti-malware apps and don’t download from unfamiliar websites.