Uber App Clone another Android malware targeting unsuspecting users

Last updated:

IT security researchers at Symantec have discovered malware that secretly spies upon Uber’s Android app and extracts private, sensitive data such as users’ passwords. This allows attackers to hijack the accounts owned by Uber users and has been dubbed as Android.Fakeapp.

The Android malware is capable of mimicking Uber’s interface; it was identified after various Trojan pop-ups were observed by the researchers on the screen at regular intervals. The purpose was to fool the users into giving away their phone numbers and passwords.

When the user presses Enter, the malware sends login credentials to a remote server. The attackers would receive the information and use it to compromise accounts and sell them off to other hackers on the black market.

“In order to steal a user’s login information, the malware pops up on-screen regularly and prompts the user to enter their Uber username and password. Once a user falls for the attack and enters their information, it gets swept up by the attacker.”

This Fakeapp variant also gives a false sense of security to the user apart from showing a fake log-in screen of Uber. This is done to prevent users from suspecting any foul play and changing their password before the malware is able to obtain the required information.

According to Symantec’s findings, the case shows that malware creators are always eagerly looking to find new social engineering tricks to trap users.

They recommended that users must keep their software updated and install a reliable anti-malware app to prevent malware from infecting the device. Furthermore, it is suggested that apps from unfamiliar websites are not downloaded at all.

“We recommend only downloading apps from trusted sources. However, we want to protect our users even if they make an honest mistake and that’s why we put a collection of security controls and systems in place to help detect and block unauthorized logins even if you accidentally give away your password.”

To cover up the stealing of credentials, the malware accesses Uber app’s deep links to show the current location of the user, which gives away the feeling that user is using legitimate Uber app. Dinesh Venkatesan, the threat analysis engineer at Symantec, stated:

“To avoid alarming the user, the malware displays a screen of the legitimate app that shows the user’s current location, which would not normally arouse suspicion because that’s what’s expected of the actual app.”

The malware is not as widespread as we might believe it to be and a majority of Uber users are protected from it. However, it malware affects users in Russian-speaking countries at the moment and widescale distribution of the campaign is currently not expected by researchers.


My Cart Close (×)

Your cart is empty
Browse Shop

Rapid Mobile

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.


By continuing to use our site or clicking I Accept, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.


You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.


Privacy Settings saved!
Cookie Services

We need your consent so that we and our trusted partners can store and access cookies, unique identifiers, personal data and information about your browsing behaviour on your device. This enables us to serve relevant content and advertising to you, and to improve the service that we provide to our readers. This only applies to we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Save my preferences