According to the description on Google Play, Uber application is a tool that allows you to “request door-to-door transportation at the tap of a button.” However, in this article, we will talk not about the original program you can download from Google Play, but about a fake Uber application targeted at Android users. Computer security specialists say both of them look just the same; nonetheless, they have one difference as the fictitious tool is distributed through third-party web pages. It means you could be at risk only if you have downloaded the mentioned software from an unofficial or unreliable source. The danger in installing such a threat is that at some point it may ask the user to insert his sensitive data. Needless to say, if you submit it the fictitious program can steal it right away and the worst part is afterward it acts the same way the original application is supposed to so it is difficult to understand something went wrong. For this reason, we encourage you to read our full report and get to know this malware better.
To begin with, the fake Uber application was found by researchers from Symantec. Their report says it is not entirely a new threat as it is merely a new variant of Android.Fakeapp discovered back in February 2012. At the mentioned time, it was determined the malware targets Android devices, and it was classified as a Trojan. This early version was distributed with packages named TuneHopper Free Fan App or Plants vs Zombies Free Fan App. Moreover, it was capable of stealing user’s phone number, IMEI number, and so on. What could have allowed victims to realize something is not right with the downloaded and installed software was the fact it barely had any functionality. In other words, the older Android.Fakeapp version did not try to imitate any tools or provide any functions to make it look less suspicious.
Unfortunately, the new version or the fake Uber application was updated a few times since then. Researchers say it is extremely difficult to realize anything is wrong because right after you are asked to submit sensitive data the tool goes back to work just like the legitimate Uber program. For example, it was noticed, at first, it could ask the user to insert his login name and password. Then, after some time the threat might ask to submit particular information about the user’s banking account or other private data. Afterward, the malware should quickly load the screen with a map showing your location and let you set a pickup location. Thus, if you are using the tool let us say for the first time you may not find such requests unusual since the software seems to work as it should.
Furthermore, to hide its malicious activity and provide the set pickup location tool as described in the paragraph above, the fake Uber application uses a specific method called Deep links. As the Symantec researchers explain “Deep links are URLs that take users directly to specific content in an app.” They also explain the mentioned links are a lot like Web URLs only that they are specific for applications. Apparently, after the user reveals his sensitive data, the threat uses a particular original Uber program’s Deep link (uber://?action=setPickup&pickup=my_location) to show the set pickup location screen while at the same time it sends the submitted passwords or other information to a remote server.
The good news is it appears to be the malware did not affect a lot of devices. Of course, if you downloaded the mentioned tool from anywhere else besides the Google Play store and believe it could be the described fake Uber application, it would be advisable to remove it as fast as possible. To avoid such threats in the future, computer security specialists advise downloading applications only from Google Play. Even though some malicious threats manage to appear there as well; it does not happen often, and so the chances of infecting the system are more prominent when downloading programs from unreliable third-party sources. Additionally, it would be advisable to do a little research before installing any new applications just in case. Also, for more protection, you could pick a reliable antimalware tool for your device.
- Dinesh Venkatesan. Android Malware Steals Uber Credentials and Covers Up the Heist Using Deep Links. Symantec blog.
- Beannie Cai. Android.Fakeapp. Symantec blog.
- Uber. Google Play.