Millions of people have become victims of a FakeApp that is using new to cheat Uber users around the .

from Symantec corporation have found parts of a new Android malware that is trying to steal passwords, credit card details and phone password of uber users before covering up its own tracks.

Hackers are using this malware, which is a variant of FakeApp as a trojan in android to display advertisements and collect sensitive information for all Uber users.

According to Symantec:
the malware uses the deep link URI of the legitimate that starts the ’s Ride Request activity, with the current location of the victim preloaded as the pickup point.

when the user clicks the Next button the malware sends all to the remote server and that’s what hackers need. The malware also tries to cover up the steal by displaying a screen of the legal app that shows the current location of the user, and that would not regularly arouse doubt because that’s what’s expected of the original app.

However, the Android malware appears in a way on the image of Uber user interface to frequently pop-up on a target’s device stealing users ID, passwords and credit card details also other web accounts if it has the same passwords.

Users are recommended to keep software up to date, download apps only from the official stores, and pay close attention to the permissions asked by apps.

The following two tabs change content below.

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here