Android malware steals Uber credentials

Haythem Elmir
From stolen accounts to Russian-hacker run networks, Uber’s black market trade has steadily become a staple in the digital underground. Only a month ago, Uber users and drivers learned that their privacy might be put at risk due to the massive data breach. Now, researchers from cybersecurity firm Symantec have found a piece of new Android malware that tries to steal a target’s Uber password, phone password and credit card details, before covering up its own tracks.
The FakeApp trojan has returned with new tricks to stop users noticing they’ve been duped.
The malware is a variant of FakeApp, an Android trojan that attackers have been using to display advertisements and collect information from compromised devices since 2012. However, it has updated numerous times, and the recently discovered version tries to steal users credentials by deep linking URL in the real Uber app.

According to that research, the Android malware causes a fake Uber user interface to repeatedly pop-up on a target’s device, taking up the whole screen until the user enters their Uber ID and password. As with many other phishing campaigns, as soon as the victim provides their credentials, the malware sends those details off to the hacker’s remote server, Symantec said.
According to the researchers, malware spreads via untrusted third-party app stores. Fortunately, it hasn’t affected many Uber users. However, people are advised to be careful and do not get tricked by a new criminals’ trick.Hackers could do a few different things with a stolen set of Uber accounts. It’s likely the attackers will either attempt to exploit this stolen information for their own gain, performing scams, or try to sell it to others on dark web underground forums. , where customers buy login details and then simply take rides and their victim’s expense.[…]

To read the original article:

Laisser un commentaire

Next Post

Android Malware Attacking Over 232 Banking Apps Discovered

A new Android malware is reportedly targeting over 232 banking applications, including a few banks in India. This was discovered by the internet and cybersecurity firm Quick Heal, which identified the Android Banking Trojan imitating banking mobile apps around the world. It includes major Indian banks apps from SBI, HDFC, […]