Security researchers from Symantec corporation have found parts of a new Android malware that is trying to steal passwords, credit card details and phone password of uber users before covering up its own tracks.
Hackers are using this malware, which is a variant of FakeApp as a trojan in android to display advertisements and collect sensitive information for all Uber users.
when the user clicks the Next button the malware sends all data to the remote server and that’s what hackers need. The malware also tries to cover up the steal by displaying a screen of the legal app that shows the current location of the user, and that would not regularly arouse doubt because that’s what’s expected of the original app.
However, the Android malware appears in a fake way on the image of Uber user interface to frequently pop-up on a target’s device stealing users ID, passwords and credit card details also other web accounts if it has the same passwords.
Users are recommended to keep software up to date, download apps only from the official stores, and pay close attention to the permissions asked by apps.
is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.