Android Malware Steals Uber Logins, Then Covers it Up

04.01.2018 | 16:48
Symantec has discovered Android malware that steals Uber credentials and covers it up with the use of deep links.

As explained in a blog post on the firm’s website, the Android.Fakeapp variant uses a spoofed Uber app interface that pops up on the users screen at regular intervals to trick them into entering their Uber ID and password. Once they do and click Next the credentials are sent to a remote server.

To make the heist seem legitimate and avoid alarming the victim, the malware then uses the deep link URI of the real app to display a screen which shows the user’s location, something that would be expected when using Uber and is unlikely to raise suspicion.

In terms of mitigation, Symantec advised users to follow these best practices:

- Keep your software up to date

- Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources

- Pay close attention to the permissions requested by apps

- Install a suitable mobile security app, such as Norton, to protect your device and data

- Make frequent backups of important data

Nick Shaw, EMEA vice-president and general manager at Norton by Symantec, added that users should think before they
click: “Unsolicited communications may not be what they seem so use caution with any link delivered to you and always read the message first. Go directly to the website instead of clicking a link supplied.”

by Michael Hill
Android, Malware, Uber Logins
Source Infosecurity

Comments (1)
  1. Added COMPOSITE HACKS 18.01.2018 | 05:19★COMPOSITE HACKS★

    If Truly you Are In Need Of A LEGIT PROFESSIONAL HACKER Who Will Get Your Job Done Efficiently With Swift Response, Congratulations, You Have Met the Right HACKERS.

    ★ WHO ARE COMPOSITE HACKS???
    • We are a Team Of Professional HACKERS , a product of the coming together of Legit Hackers from the Dark-Web (pentaguard, CyberBerkut, White Hack and Black Hat,) we have been existing for over 12years, our system is a very strong and decentralized command structure that operates on ideas and directives.

    ★ JOB GUARANTEE:
     • Frankly speaking, I always give a 100% guarantee on any job we are been asked to do, because we have always been successful in Almost all our jobs for over 12years and our clients can testify to that.
    The Problem we are Facing right now is that there are so many fake Hackers here online who are claiming what they are not, just to eat innocent people's money and Run away, But its only the SMART People that would be able to distinguish between these enormous Fake Hackers and the Few LEGIT HACKERS. I could remember there was a time i started hacking their emails and shutting it down, but at a point i observed that these scam hackers are enormous, how many of them am i gonna hack? I had to Leave them and Face my Job.
    - COMPOSITE HACKS is One of the Leading Hack Teams in the United States With so Many Awards from the IT Companies.


    ★ OUR HACKING CAPABILITIES:
    We Offer Varieties Of LEGIT Hacking Services With the Help Of Our Root HackTools, Special HackTools and Our Technical Hacking Strategies.
    - Below is a List Of Services we Render Often:
    ★Penetration Testing
    ★ Phishing
    ★ Jail Breaking.
    ★ Phone Hack: Giving you access to the Target's Call Log, messages, chats and all social media Apps .
    ★Retrieval Of Lost Files
    ★ Location Tracking.
    ★ Clearing Of Criminal Records.
    ★ Hacking Of Server, Database And website e.g Facebook, twitter, Instagram Snapchat etc

    ★ SOME OTHER SPECIAL SERVICES WE OFFER:
    ★ Bank Accounts Loading ( Only USA Banks)
    ★ Credit Cards Loading (Only USA CC's)
    ★ One Vanilla Cards Loading ($100 cards and above)
    ★ Sales Of HACKED/PROGRAMMED ATM Cards & CC's ( For All Countries.)

    ★ You can also contact us for other Cyber Attacks And Hijackings, we do almost All.

    ★Contact Us for Your Desired Service Via: compositehacks@gmail.com

    ★Our Website : www.compositehacks.blogspot.com

    ★We Treat Every Request With Utmost Confidentiality★
Leave comment:CaptchaRefresh verification code