New Android Malware Is Stealing Uber Passwords

Symantec has found a new variant of Android malware that aims to steal Uber passwords and login credentials.


The malware, like the one named triton malware, is another minor variation on Android.Fakeapp, a common piece of malware targeting Android devices. Past versions of the attack aimed to steal credit card numbers and other personal information, but the latest variant specifically targets Uber users.

The focus on Uber passwords makes sense for the attackers purely in terms of the number of users who could be affected by an attack. Uber is one of the most popular apps in the Google Play Store and has been installed on upwards of 500 million devices around the world. It also has a global reach, as Uber operates in more than 80 countries.


Android.Fakeapp has been around since at least 2012, and the latest variant works much the same as previous versions of the attack.

The malware is typically installed when users download an infected app posing as a legitimate application.

These apps are generally found in third-party app stores that don’t offer the same protection as the Google Play Store, although malware has slipped through the cracks of Google’s firewall on several occasions.


Once installed on a device, Android.Fakeapp spoofs the Uber application user interface that would appear when the user opens Uber. The screen asks the user to enter their Uber login ID (either a phone number or email address) and password.

When the user enters the information, it isn’t actually going to Uber; the malware is using the fake interface to steal the login information from the victim. When the user goes to log in with the information, it is sent to a remote server controlled by the attackers.

After capturing the victim’s username and password, the malware attempts to hide its behavior by directing users to another screen that appears as if it’s from the legitimate Uber app.

It displays a screen that shows the user’s location, as they would see after opening Uber to order a ride.


While this kind of obfuscation isn’t particularly unusual, Symantec notes that the creators of the Fakeapp.Android variant “got innovative” with the technique.


In order to display the Uber screen where users can order a ride, the malware uses what is known as a deep link URL from the legitimate app that contains information about the user’s Ride Request activity. It also preloads the victim’s current location as the pickup point.

Like most URLs, deep links point to a specific piece of content.

Rather than a web page like a standard URL, a deep link goes directly to a specific piece of content inside an app.

Deep linking is typically used to launch a specific page or function inside an app.

It is like directing a person to a specific page on a website instead of sending them to the site’s home page and expecting them to navigate to find the page.


To avoid installing Android.Fakeapp and other malware that could steal passwords, Symantec experts recommend staying up to date, refraining from downloading apps from sources outside the Google Play Store, and installing a trusted mobile security app that can help detect threats before they can execute.


Of course, many Uber passwords have already been exposed on at least one occasion.

The company suffered a security breach in 2016 that compromised upwards of 57 million users and concealed the breach for over a year.
