This fake Uber app can steal your personal data
Table of contents:
The Android.Fakeapp Trojan has spent years adopting different variants to sneak into Android phones and steal users' personal data. One of its most recent versions imitates the home screen of the Uber application. When the username and password are entered, the fake app displays a screen of the real Uber app, so as not to arouse any suspicion. However, the malicious application has already diverted the data to a remote server.Thus, the Trojan's developers can sell the impersonated log in, or use it to compromise other accounts of the same user.
The security company Symantec has detected this fake Uber app during a search for other fake apps. According to Symantec, the creators of this version of Android.Fakeapp “have been creative”. The fake app does more than mimic the Uber launch interface. Through deep linking, it is able to load an authentic application screen. From it, the trip request is started with the user's location as the pick-up point. Thus,the user believes that he is using the Uber app normally, and is prevented from changing his password before the Trojan authors can use it
How to avoid a fake application? Only download from trusted sites
As an Uber spokesperson told Engadget, “This phishing technique requires users to download a malicious app from outside the official Play Store. We recommend only downloading applications from trusted sources. However, we want to protect our users. For this reason, we have a series of security controls in place to detect and block unauthorized logins”. In any case, these statements contrast with the company's lack of transparency regarding the security breach detected in 2016.
Symantec explains that this new iteration of the Android.Fakeapp Trojan “demonstrates the endless search of malware writers” to find new techniques with which to deceive users. The tips to avoid being a victim of a fake application are the usual ones:
- Do not download anything from unknown sources.
- We have to review the permissions required by the apps we install.
- We must make sure our software is up to date.
- Install reliable anti-malware applications.
