
Mobile credential-stealer uses deep link to mimic Uber app

A credentials-stealing malware program disguised as an Android app was recently found spoofing an Uber user interface, and even leveraging a deep link uniform resource identifier from the actual ride-sharing app in order to appear legitimate.

According to a Jan. 3 blog post from Symantec Corporation, the variant of Android.FakeApp malware displays an Uber UI on infected users' device screens at regular intervals until they enter their Uber ID and password. Generally, the ID consists of the user's registered phone number.

A screenshot of the fraudulent interface that was shown on Symantec's website displays what appear to be Cyrillic characters, suggesting the fake app is targeting Russians or other Slavic language-speakers. After victims enter their information and click the “Next” button, the malware communicates this data to a remote command-and-control server.

To appear on the up and up, the malware uses an actual Uber deep link URI to launch the legit app's Ride Request activity, which shows the current location of the victim as a preset pick-up point. As Symantec explains in the post, deep links are URLs that send users directly to specific content within an app – in this case, a screen of the legitimate app that users would expect to see.

“This case again demonstrates malware authors' neverending quest for finding new social engineering techniques to trick and steal from unwitting users,” writes blog post author Dinesh Venkatesan, principal threat analysis engineer at Symantec, who called the deep link tactic a “creative” maneuver.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
