People use apps like Uber all the time because you don’t know when you might have to call a cab.
A malware app has been making use of people’s familiarity with a service like Uber and are stealing login info by posing as a legitimate service.
It has been identified that the Android.Fake app Trojan is the base malware which is found in the Google Play Store for a very long time. While developers and white hat hackers have done their best to stop it from reappearing on the store, it has now taken over Uber’s interface and has been stealing personal information from users.
The discovery was made by the security company Symantec which confirmed that the existing malware is none other than the notoriously popular trojan. Once it finds its way into your Android smartphone, you will never know when it will appear. Instead of doing anything foolish that might alert the user, the malware will lurk in the corner and will initiate a pop-up at the most unexpected moment.
As it sports an Uber-like interface, most people would instantly believe that it belongs to the company and may inclined to type their phone number and password. The information will be directly sent to the hackers and by making use of the information available, they may be able to hack into your other accounts including social media profile, Whatsapp or any other service in which you may be using similar passwords.
The database gathered through the malware will also be shared with other hackers and third- party companies that often use such user credentials for illegal purposes. The fake app goes a step ahead so as to make users think they are actually dealing with the original Uber app. After asking for password and phone number, it will also show your location just like the app.
Researchers have found that this is another hacking technique where it redirects the link to the original app, shows your location to mark it as a pickup point for the cab and ensures that you don’t change your password immediately after sharing it with a hacking team.
Uber on their part has released a warning notice that they are doing everything in their end to stop hackers from using their interface and app to dupe users. A collection of security systems and controls are in place to avoid users from accidentally sharing their password with everyone.