InsightPortal Logo


Android malware clones Uber interface to steal credentials

New Android malware found targets Uber users.

Known as Android.Fakeapp, security researchers from Symantec have discovered a malicious Android application that targets Uber users worldwide. The app reportedly disguises itself as the official Uber app, asking for user credentials, typically their phone number and password.

For added legitimacy, the malware also draws over the original Uber app screen, which by default pinpoints to the user's location, making for a believable screen that would normally not arouse any suspicion.

Uber's team has responded to this vulnerability, stating that users can only be infected if they were to install a malicious app from outside of the Play Store. For this reason the team recommends users do not download apps from untrusted sources and always double check for any malicious activities they might suspect by having a look over what apps have what permissions within the device settings.

QTF Recommends: Aside from the recommendations given by Uber, we also highly recommend you keep your Android OS updated at all times, as your device manufacturer may frequently release security updates for your device. 


Impact Rating: 3