From stolen accounts to Russian-hacker run networks, Uber’s black market trade has steadily become a staple in the digital underground. Only a month ago, Uber users and drivers learned that their privacy might be put at risk due to the massive data breach. Now, researchers from cybersecurity firm Symantec have found a piece of new Android malware that tries to steal a target’s Uber password, phone password and credit card details, before covering up its own tracks.
The FakeApp trojan has returned with new tricks to stop users noticing they’ve been duped.
The malware is a variant of FakeApp, an Android trojan that attackers have been using to display advertisements and collect information from compromised devices since 2012. However, it has updated numerous times, and the recently discovered version tries to steal users credentials by deep linking URL in the real Uber app.
According to that research, the Android malware causes a fake Uber user interface to repeatedly pop-up on a target’s device, taking up the whole screen until the user enters their Uber ID and password. As with many other phishing campaigns, as soon as the victim provides their credentials, the malware sends those details off to the hacker’s remote server, Symantec said.
According to the researchers, malware spreads via untrusted third-party app stores. Fortunately, it hasn’t affected many Uber users. However, people are advised to be careful and do not get tricked by a new criminals’ trick.
Hackers could do a few different things with a stolen set of Uber accounts. It’s likely the attackers will either attempt to exploit this stolen information for their own gain, performing scams, or try to sell it to others on dark web underground forums. , where customers buy login details and then simply take rides and their victim’s expense. In 2015, scammers were selling thousands of stolen accounts for $1 each, before the marketed became saturated and the price plummeted to just 40 cents per account. Many of these accounts were likely hacked because victims had used the same password on Uber as well as a website that was already breached, meaning scammers could just log into the user’s account.
Uber has not come out with a statement on the matter.