File photo: A 3D printed Android logo is seen in front of a displayed cyber code in this illustration taken March 22, 2016. (REUTERS/Dado Ruvic)
Security researchers have spotted Android malware with an appetite for Uber login information.
The trojan, which has been circulating on third-party app stores, goes after phone numbers and passwords for users of the ride-hailing service, according to the security firm Symantec.
Once downloaded, the malware will spoof an Uber application interface over the phone’s screen that asks for the login credentials. However, any data entered will actually be sent off to a remote server under the control of the malware’s developers.
The malware is also quite persistent; the fake interface will pop up in regular intervals until the phone’s owner finally enters their login information, Symantec said in a blog post.
After the credentials are entered, the malware employs another trick: it’ll trigger the real Uber app to launch and activate a ride request. All of this looks like normal activity, but in reality it’s the malware attempting to fool you into thinking nothing is wrong, Symantec said.
“This case again demonstrates malware authors’ never-ending quest for finding new social engineering techniques to trick and steal from unwitting users,” the company added.
Symantec didn’t say why the malware’s developers are targeting Uber users. But in the past, stolen Uber accounts have been sold on the digital black market for around $4, giving buyers a cheap way to take car rides with the service.
The good news is that Symantec hasn’t found this app on the official Google Play Store. “Users are likely in Russian-speaking countries in limited number. We don’t anticipate such an app to be in wide scale distribution,” the company said.
Nevertheless, the trojan serves as a reminder it’s best to download mobile software from official app stores, which have far less malware than third-party app stores.