Thursday, January 04, 2018

Fake Uber App Hijacks Your Password And Covers Its Tracks


A new imposter app for Android pops up a screen that resembles a user’s Uber login screen in order to steal their username and password, before automatically spawning the real Uber app so the user won’t realize anything’s amiss.

The security firm Symantec, which discovered the fake Uber app, says it’s a variant of a type of malware it calls Android.Fakeapp. Earlier versions have impersonated other popular apps.

The creators of this version “got creative,” Symantec’s researchers say, with the use of a deep link, which lets one app link into inner screens in other apps. The fake user interface “pops up on the user’s device screen in regular intervals until the user gets tricked into entering their Uber ID (typically the registered phone number) and password.” After a user presses “Next” and the credentials are stolen, the user is sent to the ride request screen on their legitimate Uber app, where they would expect to be after logging in, the company says.



Last month, security firm Avast similarly reported malware that could impersonate common Android apps like the Google Play Store and Chrome, along with thousands of different banking apps, in order to steal credentials.

Symantec advises smartphone users to only install apps from trusted sources, monitor which permissions apps are requesting, and use mobile security tools to keep their phones safe. Uber for Android has been installed between 100 million and 500 million times from the Google Play Store, according to statistics from the site. Of course, some of those Android users were part of a breach involving roughly 57 million accounts that the company disclosed late last year.

Source : Glodaladvisors.biz

TAXI LEAKS EXTRA BIT : 
Many users in the Tech world are alleging that this is a double scam, put up to take the heat off Uber's massive data breach of 57 million accounts.

Uber became embroiled in scandal when it was revealed that they had paid off the hackers and were trying to keep the data breach quiet.

