The spyware after getting installed into the phone starts prompting a screen asking the user to enter the Uber login details again and again.
Uber new CEO, Dara Khosrowshahi may have revealed the 2016 attack on Uber’s database and took care of the matter but the company still needs to look at other issues. Some researchers from Symantec, an American software company have found that malicious malware is targeting Uber users.
The attackers have deployed software to Uber’s Android app to get the user’s account password and use the hacked account. However, the malware is not spread on a bigger scale and affected only some of the Android users having Uber app.
With the help of the malware, attackers aim to acquire the login credential of User’s Uber account. The spyware after getting installed into the phone starts prompting a screen asking the user to enter the Uber login details again and again. Once the user falls for the malware trick and enters their login information, the attackers got successful in getting access to their account.
To look authentic, the app uses deep linking to retrieve the user’s location from the actual Uber app and shows it to the users. This makes the Android users believe that they are using the original Uber app and enter their details on asking.
The researchers also revealed that the deep linking helps the attackers most in fetching the user data from the Uber app. Maybe the software isn't widespread yet but Uber need to look into the issue and make sure that their app is strong enough to avoid these attacks. Deep linking to the Uber app and getting the real-time location of the Android Uber app users is a serious future threat to the Uber users.
Dinesh Venkatesan, Symantec Threat Analysis Engineer, stated,
“To avoid alarming the user, the malware displays a screen of the legitimate app that shows the user’s current location, which would not normally arouse suspicion because that’s what’s expected of the actual app. This case again demonstrates the malware authors’ never-ending quest for finding new social engineering techniques to trick and steal from unwitting users.”
However, the good news is that the malware is not able to get into the Google Play Store and not affecting a major portion of the users. All the affected users would have downloaded the malware from an outside source. So, you should avoid the untrusted sources to download any software and prefer only the app stores.
On the matter, an Uber spokesperson has advised the users to stay away from the outside sources and downloading any suspicious software. In addition to this, the spokesperson also assured the users that Uber is taking all the possible security measures to block any unauthorized access to their account.
For details on Uber app development and the cost involved, check out our article "How Much it Costs to Build an App Like Uber?"
She is a content marketer and has more than five years of experience in IoT, blockchain, Web, and mobile development. In all these years, she closely followed the app development, and now she writes about the existing and the upcoming mobile app technologies. Her essence is more like a ballet dancer.