This fake Uber app hijacks your password and covers its tracks

Share

Stealing Uber information could potentially give thieves the ability to have a user buy up Uber gift cards en masse as a form of stealing money; the thieves could turn around and sell those gift codes.

In order to protect against falling victim to FakeApp, Uber recommends that users only download apps from the official Android marketplace.

The trojan, which has been circulating on third-party app stores, goes after phone numbers and passwords for users of the ride-hailing service, according to the security firm Symantec. Fortunately, it hasn't affected many Uber users. Its striking similarity to Adobe Flash can trick people into downloading it. If it finds any, the trojan sends fake notifications on behalf of such apps and asks the user to login on a fake screen, thereby capturing his/her username and password for banking apps.

Back in 2015, hackers offered thousands of stolen accounts for $1 each before there was an oversupply of data, and the price fell to 40 cents per account, notes DailyBeast.

"The creators of this version" got creative", Symantec's researchers write, with the use of a deep link, which lets one app link into inner screens in other apps. Deep linking is typically used to launch a specific page or function within an app.

Lenovo's latest ThinkPads have USB-C chargers and webcam security covers
If you were to try out the 15-inch L580 or the 14-inch L480, you would no longer have new choices of their dedicated AMD graphics. The ThinkPad X280 and X380 may not look particularly sleek or sexy but they are a solid step forward for the ThinkPad X series.

This sophisticated social engineering technique prevents users from suspecting criminals' activity.

Experts from Symantec, a US-based cybersecurity company, said in a blog post published Wednesday (3 January) that they had discovered a new strain of the "FakeApp" malware, which was recently observed using a "quite novel and different monetisation technique". Thus, Android malware attack might lead to money loss and other privacy-related issues.

In a shocking revelation, Quick Heal Security Labs has reportedly detected an Android malware that has been targeting over 232 banking apps including HDFC Bank and ICICI Bank.

Symantec's advice is, predictably, not to download apps from anywhere except the Google Play store and to use anti-malware protection on your Android device. If Flash Player malware tracks a banking app, it seeks your customer id and password details. Displaying a screen of the genuine app showing the current information of the user will not arouse any suspicion. Developers of malicious apps might create fake reviews or delete real ones. And, any OS or app updates should be installed as they're released.

Share