A Malware Is Attacking Uber App To Acquire User's Login Details

.

Say no downloading software from untrusted sources

Uber CEO, Dara Khosrowshahi may have revealed the 2016 attack on Uber’s database and took care of the matter but the company still needs to look other issues. Some researchers from Symantec, an American software company have found that malicious malware is targeting the Uber users. The attackers have deployed a software to Uber’s Android app to get the user’s account password and use the hacked account. However, the malware is not spread on a bigger scale and affected only some of the Android users having Uber app.

With the help of the malware, attackers aim to acquire the login credential of User’s Uber account. The spyware after getting installed into the phone starts prompting a screen asking the user to enter the Uber login details again and again. Once the user falls for the malware trick and enters their login information, the attackers got successful in getting the access to their account. In order to look authentic, the app uses the deep linking to retrieve the user’s location from the actual Uber app and shows it to the users. This makes the Android users believe that they are using the original Uber app and enter their details on asking.

The researchers also revealed that the deep linking helps the attackers most in fetching the user data from the Uber app. Maybe the software isn't widespread yet but Uber need to look into the issue and make sure that their app is strong enough to avoid these attacks. Deep linking to the Uber app and getting the real-time location of the Android Uber app users is a serious future threat to the Uber users.

“To avoid alarming the user, the malware displays a screen of the legitimate app that shows the user’s current location, which would not normally arouse suspicion because that’s what’s expected of the actual app,”  wrote Dinesh Venkatesan, Symantec threat analysis engineer. “This case again demonstrates malware authors’ never-ending quest for finding new social engineering techniques to trick and steal from unwitting users.”

However, the good news is that the malware is not able to get into Google Play Store and not affecting a major portion of the users. All the affected users would have downloaded the malware from an outside source. So, you should avoid the untrusted sources to download any software and prefer only the app stores.

On the matter, an Uber spokesperson has advised the users to stay away from the outside sources and downloading any suspicious software. In addition to this, the spokesperson also assured the users that Uber is taking all the possible security measures to block any unauthorized access to their account.