Published: Sat, January 06, 2018
Markets | By Rosalie Gross

Hidden Malware in Uber App Caught Harvesting User Passwords

Quick Heal reported that the Android.banker.A9480 malware had entered the third-party stores through the fake Flash Player.

Mobile malware such as the Android Trojan can mimic legitimate banking apps as well as notifications. If anyone needs further proof of that, Symantec has it, in the form of a warning over a new Android "Fakeapp" malware variant that spoofs Uber, the popular ridesharing service, to cover its tracks. They are HDFC Mobile Banking, Axis, SBI Anywhere Personal, MobileBanking LITE, ICICI Bank, HDFC Bank, IDBI Abhay, IDBI mPassbook Bank, IDBI GO Mobile, Baroda mPassbook, Union Bank Mobile Banking System, Commercial clients of Union Bank. Flash Player is a favourite app for cybercriminals because of its prevalence. "Deep links are URLs that take users directly to specific content in an app."

The fake app asks users for administrative rights immediately after setup, and even if a user initially denies admin access, the app continues to show pop-up windows until the user accepts. The wealth of personal data on a mobile device makes it a tempting target for internet ne'er-do-wells, and they're getting quite clever when it comes to fooling users into compromising their security.

After the initial setup, the app runs in the background and looks for 232 particular apps (mostly banking and some cryptocurrency apps). As soon as it finds one of the targeted apps, it starts sending fake notifications which resemble the ones from the targeted apps. From here the app can easily steal the user's banking ID and passwords.

To steal the login information of the user, the malware is claimed to pop up on the screen regularly and prompt the user to enter the Uber username and password.

Image: Quick Heal

The malware can read all incoming and outgoing texts and can also bypass the OTP-based two-factor authentication on the target's bank account. Quick Heal also noted that its security application detects this malware and alerts the user if it is present.

Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited, said, "Users are advised to avoid downloading apps from third party app stores or links provided in SMSs and emails to keep their credentials safe."

The good news is that Symantec hasn't found this app on the official Google Play Store.

As an extra precaution, go through the list of permissions every app requests from you during installation.
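The permission review suggested above can be automated for an app whose manifest has already been decoded to text. The following is an added example, not code from Quick Heal or Symantec; the mapping from the behaviours described in this article (device admin prompts, SMS reading, pop-ups) to Android permissions is this example's assumption, and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Behaviours the article describes, mapped to the Android permissions that
# would enable them (the mapping is this example's assumption).
RISKY = {
    "reads or intercepts SMS (OTP theft)": {
        "android.permission.READ_SMS",
        "android.permission.RECEIVE_SMS",
    },
    "draws pop-ups over other apps": {"android.permission.SYSTEM_ALERT_WINDOW"},
}
DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"

# Constructed sample manifest, not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Flash Player">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""


def audit_manifest(manifest_xml):
    """Return a sorted list of findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    findings = [label for label, perms in RISKY.items() if requested & perms]
    # A device-admin component is declared as a receiver guarded by
    # BIND_DEVICE_ADMIN, not as a uses-permission entry.
    if any(r.get(ANDROID_NS + "permission") == DEVICE_ADMIN
           for r in root.iter("receiver")):
        findings.append("can request device administrator rights")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print("FLAG:", finding)
```

A media player that combines all three findings has no functional reason to, which is the signal worth acting on; any single permission on its own is common in legitimate apps.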
