A new malware that wants to trick you into handing over your Uber login.
Symantec has discovered a new android malware that is targeting Uber users. This malicious app spoofs the official app, in the hopes of stealing user’s passwords and taking over their accounts.
Once downloaded, the app will repeatedly present the user with pop ups asking for the user’s login information. This is of course something we’ve seen before in other malware attacks. Where this attack differs is how it fools the user.
The malware utilizes deep links to the legitimate Uber app, in order to provide real app info to the user. The user will see what they expect to see from the real app, and not realize that they have been compromised.
Luckily, at this point, the malware infection is small. The malware cannot be found on the Google Play Store, so users would need to pick up the app in either a third party app store, or via direct download.
But why get the Uber app at all? BBM users can utilize Uber services from right within the discover tab of BBM. That’s one less app on your phone, and one less potential threat to worry about.