The announcement was made on Wednesday, January 3, and according to the researchers, a malware named "Android.banker.A2f8a" is being distributed through a fake Flash Player app on third-party stores. However, this malware attacking the Uber Android app is a good reminder for the users to stay away from downloading apps from untrusted sources. They are HDFC Mobile Banking, Axis, SBI Anywhere Personal, MobileBanking LITE, ICICI Bank, HDFC Bank, IDBI Abhay, IDBI mPassbook Bank, IDBI GO Mobile, Baroda mPassbook, Union Bank Mobile Banking System, Commercial clients of Union Bank.
A team of cybersecurity experts from Symantec found that the Uber app for Android may be compromised by a hidden malware that is collecting users' passwords. The Flash Player is the favourite app especially for the cybercriminals because of its prevalence feature. The malware isn't widespread, though, and most Uber users are not effected. In the background, the app keeps scanning for the 232 banking and cryptocurrency appplications from which to steal data.
Fake Uber login screens
After receiving the pop-up, Android users who fall for the ruse enter in their login details, which ten get sent to a remote server.
Users should also be aware of the permissions requested by apps, and make frequent backups of important data stored on their devices.More news: U.S. suspends security aid to Pakistan over militant groups
'When a customer has to enter sensitive information such as a PIN or one-time password into the same channel where they had logged in to their online banking platform or initiated a payment, for example, it enables a fraudster listening in on or tracking that channel to capture the sensitive information, ' he adds.
Once downloaded, the malware will spoof an Uber application interface over the phone's screen that asks for the login credentials.More news: Trump could drive Pakistan towards 'full service' to China
Furthermore, the malicious application has the ability to intercept all incoming and outgoing SMSs from the infected device with which the attackers bypass the two-factor verification.
"Users are advised to avoid downloading apps from third-party app stores or links provided in SMS and e-mails to keep their credentials safe", Quick Heal Technologies Joint Managing Director and Chief Technology Officer Sanjay Katkar said.More news: Pakistan condemns terror attack in Kabul
Because this phishing technique requires consumers to first download a malicious app from outside the official Play store, we recommend only downloading apps from trusted sources. They are similar as if it is the real banking app.
- Republican Sen. Orrin Hatch won't stand for re-election
- Game of Thrones Final Season of Six Episodes to Air in 2019
- Powerball numbers: Did you win Saturday's $390.1 million lottery jackpot?
- Organisations Respond To The EAC's Calls For A "Latte Levy"
- Almost $1 billion up for grabs in Mega Millions, Powerball jackpots
- Mega Millions, Powerball jackpots swell to $800M
- Iran's Oil Production, Exports Not Impacted By Protests
- North Korea missile crashes into its own cities
- Jesse Lingard can't stop scoring wonderful goals for Manchester United
- Spotify Sued For $1.6 Billion For Using Thousands Of Songs Without License