CrosswordNewsletters
DAILY BEAST
ALL
  • Cheat Sheet
  • Politics
  • Crime
  • Entertainment
  • Media
  • Innovation
  • Opinion
  • World
  • U.S. News
  • Scouted
  • Travel
CHEAT SHEET
    POLITICS
    • Fever Dreams
    • Biden World
    • Elections
    • Opinion
    • National Security
    • Congress
    • Pay Dirt
    • The New Abnormal
    • Right Richter
    • Trumpland
    MEDIA
    • Confider
    • Daytime Talk
    • Late-Night
    • Fox News
    U.S. NEWS
    • Identities
    • Crime
    • Race
    • LGBT
    • Extremism
    • Coronavirus
    WORLD
    • Russia
    • Europe
    • China
    • Middle East
    INNOVATION
    • Science
    TRAVEL
      ENTERTAINMENT
      • TV
      • Movies
      • Music
      • Comedy
      • Sports
      • Sex
      • TDBs Obsessed
      • Awards Shows
      • The Last Laugh
      FOOD & BEVERAGE
        CULTURE
        • Power Trip
        • Fashion
        • Books
        • Royalist
        TECH
        • Disinformation
        SCOUTED
        • Face Masks
        • Clothing
        • Technology
        • Bedroom
        • Kitchen
        • Home
        • Fitness
        • The Case For
        • I'm Looking For
        • New Kids On the Block
        COUPONS
        • Adidas Promo Codes
        • DoorDash Promo Codes
        • H&M Coupons
        • Hotwire Promo Codes
        • Wine.com Discounts
        • Vitacost Coupons
        • Spanx Promo Codes
        • StubHub Promo Codes
        Products
        NewslettersPodcastsCrosswordsSubscription
        FOLLOW US
        GOT A TIP?

        SEARCH

        HOMEPAGE
        Disinformation

        Sneaky Android Malware Tries to Steal Your Uber Login Details

        DANGER AHEAD

        Hackers hunting out Uber accounts are moving beyond just trying a victim’s password, to stealing it directly.

        Joseph Cox

        Updated Jan. 04, 2018 5:08AM ET / Published Jan. 03, 2018 10:55PM ET 

        Photo Illustration by Sarah Rogers/The Daily Beast

        From stolen accounts to Russian-hacker run networks, Uber’s blackmarket trade has steadily become a staple in the digital underground. Now, researchers from cybersecurity firm Symantec have found a piece of malware that tries to steal a target’s Uber password, before covering up its own tracks.

        According to that research, the Android malware causes a fake Uber user interface to repeatedly pop-up on a target’s device, taking up the whole screen, until the user enters their Uber ID and password. As with many other phishing campaigns, as soon as the victim provides their credentials, the malware sends those details off to the hacker’s remote server, Symantec said.

        In an email, Uber spokesperson Melanie Ensign told The Daily Beast “we recommend only downloading apps from trusted sources. However, we want to protect our users even if they make an honest mistake and that’s why we put a collection of security controls and systems in place to help detect and block unauthorized logins even if you accidentally give away your password.”

        Hackers could do a few different things with a stolen set of Uber accounts. They could sell them on the dark web, where customers buy login details and then simply take rides and their victim’s expense. In 2015, scammers were selling thousands of stolen accounts for $1 each, before the marketed became saturated and the price plummeted to just 40 cents per account. Many of these accounts were likely hacked because victims had used the same password on Uber as well as a website that was already breached, meaning scammers could just log into the user’s account.

        Stolen accounts may also come in handy when running other Uber-related scams, such as when hackers trick Uber by posing as both driver and customer with spoofing-technology, or when running their own, illegitimate network of Uber drivers.

        Vikram Thakur, technical director at Symantec, also told The Daily Beast the accounts could be used to compile a fuller picture when stealing identities.

        The malware, however, is distributed not through the ordinary Google Play Store, but third-party application stores, Thakur said.

        “Users are likely in Russian-speaking countries in limited number. We don’t anticipate such an app to be in wide scale distribution,” Thakur added.

        Regardless, in an attempt to operate surreptitiously, after stealing the data, the malware Symantec found then displays a screen from the real Uber app installed on the victim’s phone, showing their current location. This is done by calling a so-called deep link URI, which takes users to particular content within an app, and starts the Ride Request process, the report adds.

        READ THIS LIST

        DAILY BEAST
        • Cheat Sheet
        • Politics
        • Crime
        • Entertainment
        • Media
        • World
        • Innovation
        • U.S. News
        • Scouted
        • Travel
        • Subscription
        • Crossword
        • Newsletters
        • Podcasts
        • About
        • Contact
        • Tips
        • Jobs
        • Advertise
        • Help
        • Privacy
        • Code of Ethics & Standards
        • Diversity
        • Terms & Conditions
        • Copyright & Trademark
        • Sitemap
        • Coupons:
        • Coupons:
        • Vistaprint Coupons
        • Samsung Promo Coupons
        • Home Depot Coupons
        • Office Depot Coupons
        • eBay Coupons
        • Ashley Furniture Promo Codes
        © 2022 The Daily Beast Company LLC