There’s no arguing that one of the greatest ideas for an app/service is Uber. It provides immeasurable help, starting off by offering you ride-sharing to the destination of your choice and now adding on food delivery.
But while it’s still a great service, the latest Android.Fakeapp malware variant steals important factors of Uber to make you think you’re using the Uber app when you’re really using the malware which is stealing your data.
The Steal
Everyone who has used the Uber app is familiar with how it works and the windows it uses, such as the login screen and the user location screen. And that’s how the malware tricks you into thinking that it’s real.
The malware pops up on an Android user’s screen intermittently with what appears to be an Uber login screen. It keeps showing up until the user is eventually tricked into believing that it’s really Uber looking for login details, which typically include the user’s phone number along with their password.
Once the user inputs their login details and clicks Next, they’ve just given their login details to the malware’s remote server.
It needs to be remembered what they’ve just given the malware along with their login details. This means the malware now has access to everything stored on Uber. Not only do they have your home address, they now have access to your credit card.
The Cover Up
But the malware isn’t content with just this. They want to make sure that you don’t suspect anything. After scamming your login details, it pops up another screen so that it doesn’t alarm you.
Cleverly, the malware pops up a screen that imitates the real Uber app. It shows you your current location, as this is what Uber would do, assuming you want a ride from your current location to another location.
In order to show this screen the malware uses the deep link URL of the real Uber app.
Deep links are used by apps to take you to specific content inside an app. It works similarly to a web URL, but instead of an exact website location, it’s an exact app location.
The user is completely fooled by this point and doesn’t suspect anything so that the malware can get away with stealing the information, leaving the user completely unaware.
Keeping Your Android Safe
This malware threat was reported by Symantec, a known software company that provides security. They, of course, suggest you use their software to keep yourself protected from this Android.Fakeapp malware variant and others.
But there are certainly other steps you can take as well. You should always keep your Android and software up to date. Additionally, you should only download apps from trusted sources and never from unfamiliar sites.
Also, be aware of the permissions that are requested by apps. Instead of just supplying the permissions automatically, be sure of who and what you’re giving these permissions to.
And, as always, be sure to keep all your information backed up. That’s always a good practice, not just in this case.
The Irony of Safety
Ironically, Uber offers its ride-sharing service to help you and in many ways keeps you safe, giving you safe transportation when you need it.
But this malware threat takes that safety and more away from you. But as long as you take the proper precautions, you can stay safe and keep all your data safe as well.
Have you come across this malware or a similar one that has tried to steal all your data? Let us know in the comments if this has ever happened to you.
