Malware discovered by Symantec researchers sneakily spoofs Uber’s Android app and harvests users’ passwords, allowing attackers to take over the effected users’ accounts. The malware isn’t widespread, though, and most Uber users are not effected.
In order to steal a user’s login information, the malware pops up on-screen regularly and prompts the user to enter their Uber username and password. Once a user falls for the attack and enters their information, it gets swept up by the attacker.
To cover up the credential theft, this malware uses deep links to Uber’s legitimate app to display the user’s current location—making it appear as though the user is accessing the Uber app instead of a malicious fake.