Android malware imitates Uber layout to steal login details
And it even starts the real app to convince you it's genuine
The Fakeapp trojan has been around on Android for a few years now, but a new variant has been discovered by Symantec that disguises itself as the Uber app.
Once the malware has been downloaded from a non-Google source, Fakeapp will periodically appear on the victim's screen and prompt for their Uber login details, such as their phone number and password. Those can then be sold on the black market, or leveraged to compromise other accounts.
The app doesn't stop there, though. To avoid suspicion, which might prompt a password change, Fakeapp then deep links to the actual Uber app.
Deep linking is used to open a specific part of an app directly, rather than just launching the app; think of it like a web URL for applications. In this case, giving Fakeapp your login information will open Uber's Ride Request screen, with the victim's location preloaded as the pickup point.
Symantec's advice is, predictably, not to download apps from anywhere except the Google Play store and to use anti-malware protection on your Android device.
Uber reassured users that it would probably be able to detect and block unauthorised logins, telling Engadget:
‘Because this phishing technique requires consumers to first download a malicious app from outside the official Play store, we recommend only downloading apps from trusted sources. However, we want to protect our users even if they make an honest mistake and that's why we put a collection of security controls and systems in place to help detect and block unauthorised logins even if you accidentally give away your password.’