Usually being noticed is not want malware wants, but this trojan is using a bit of social engineering to trick users into willingly giving away their personal data. As the name implies, it pretends to be another app to steal data. Once the user ID and password have been entered, it sends the data to a remote server.
If anyone of the targeted apps is found on the infected device, the malware will throw up a fake notification screen that leads the user to a login screen, both created to mimic the original app.
"To show the said screen, the malware uses the deep link URI of the legitimate app that starts the app's Ride Request activity, with the current location of the victim preloaded as the pickup point", said Dinesh Venkatesan, principal threat analysis engineer at Symantec. Passwords are potentially more valuable, as many people don't use unique logins like they should and an Uber password could get the thieves into plenty of other accounts. It displays a screen that shows the user's location like they would see upon opening Uber to order a ride.
When the user enters the information, it isn't actually providing it to Uber; the malware is using the fake interface to steal the login information from the victim. The latest malware scare is a nasty bit of code for Android called FakeApp.
Because this phishing technique requires consumers to first download a malicious app from outside the official Play store, we recommend only downloading apps from trusted sources.
"Users are advised to avoid downloading apps from third party app stores or links provided in SMSs and emails to keep their credentials safe", Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies Limited, said in a statement. Displaying a screen of the genuine app showing the current information of the user will not arouse any suspicion.
The typical recommendations apply-Symantec's advice is to make sure your software is up to date, refrain from downloading apps from unfamiliar sites, pay close attention to the permissions that apps request, make frequent backups, and of course it pitches installing a mobile security app such as Norton. Thus, double-checking information about developers is needed. Developers of malicious apps might create fake reviews or delete real ones.
Install reputable mobile antivirus.