Hidden Malware in Uber App Caught Harvesting User Passwords

"Users are advised to avoid downloading apps from third party app stores or links provided in SMSs and emails to keep their credentials safe", Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited, said in a statement. In that banking apps, there are few banks belongs to India.

An Android banking trojan that targets more than 232 banking apps has been uncovered, targeting financial institutions globally.

Apart from these, the malware also targets other widely used general apps such as Amazon Shopping, Airbnb, 365Scores: Sports Scores Live, PokerStars Poker: Texas Holdem, PokerStars Play: Free Texas Holdem Poker Game, and Western Union US - Send Money Transfers Quickly. The app icon even resembles that of Flash Player. At the same time, users are also being asked not to download any app from third-party app stores and to ensure that the "downloading apps from other sources" feature on their devices is always disabled.

Like most URLs, deep links direct to a specific piece of content.

Uber has spoken to Engadget about this matter and mentioned that users would actually have to download an infected app in order for Fakeapp to take over the Uber app. In the background, the app keeps scanning for the 232 banking and cryptocurrency applications from which to steal data.

The typical recommendations apply: Symantec's advice is to make sure your software is up to date, refrain from downloading apps from unfamiliar sites, pay close attention to the permissions that apps request, make frequent backups, and of course it pitches installing a mobile security app such as Norton. That makes everything seem legitimate, but in reality, the user's data was transmitted to a remote server. This enables the attackers to bypass SMS-based two-factor authentication on the victim's bank account (OTP). Once the notification is accessed, the malware creates a fake login screen, which allows the trojan to steal confidential information like login ID and password for the banking app.

Users are prompted to enter their login credentials through these notifications.

A representative from Uber warns users to only download trusted apps from the Google Play store, since this "phishing" app requires the user to download and install it in the first place in order for it to be able to work.