The Android.Fakeapp Trojan has been infecting Google’s mobile platform for ages in different forms, and one of its latest variants mimics Uber’s interface. According to Symantec, which discovered the new variant after looking at several, the Trojan pops up on screen in regular intervals in an effort to fool you into typing your phone number and password. When you press enter, it sends your log-in credentials to a remote server: the Trojan’s creators could then use your log-in to compromise your other accounts or to sell them to fellow hackers on the black market.
This Fakeapp variant doesn’t stop at presenting a copy of Uber’s log-in screen. To give you a false sense of security and to prevent you from becoming suspicious and changing your password too soon, it even loads a screen from the legitimate app that shows your location after you press enter. It apparently does that by deep linking to a URL in the real application that starts up Ride Request activity using your location as the pick-up point.
Submitted by: Arnfried Walbrecht