This site may earn chapter commissions from the links on this page. Terms of use.

As shortly every bit at that place were smartphones, there was malware for smartphones. The wealth of personal information on a mobile device makes information technology a tempting target for internet ne'er-exercise-wells, and they're getting quite clever when it comes to fooling users into compromising their security. The latest malware scare is a nasty scrap of code for Android chosen FakeApp. As the proper noun implies, it pretends to be some other app to steal data. In this case, information technology's pretending to be Uber.

The FakeApp trojan was discovered by security firm Symantec through its regular monitoring of Android apps. The trojan takes over the user's screen at regular intervals, interrupting what you're doing. Ordinarily beingness noticed is non desire malware wants, but this trojan is using a bit of social applied science to trick users into willingly giving away their personal information.

When FakeApp appears, it impersonates the Uber app. It insists the user needs to log into the app with their registered telephone number and password. Anyone who inputs that data will exist giving data abroad to the bad guys. The theft is covered upward past the app using Uber's deep linking URI to pull up the "request ride" activity next. That makes everything seem legitimate, but in reality, the user's data was transmitted to a remote server.

Once the malware creators have a list of phone numbers, they can sell them to other scammers. Passwords are potentially more valuable, every bit many people don't use unique logins similar they should and an Uber password could go the thieves into plenty of other accounts. When coupled with a telephone number and SIM hijacking, the scammers might even exist able to go into accounts protected with two-cistron authentication.

The good news here is it'due south non like shooting fish in a barrel to get bitten past FakeApp. It's a standard Android app — it'southward not using whatsoever critical security flaws to infiltrate your organisation. That means yous need to download an APK file containing FakeApp, alter your system settings to allow "unknown sources," and and so open the APK to manually install.

Symantec says the all-time way to avoid this threat is simply to brand sure you lot aren't downloading apps from outside the Google Play Store. Shady tertiary-political party app repositories specializing in pirated apps are only places FakeApp has been detected. Steer clear of those places and don't install suspicious APKs, and you lot'll be fine. If you lot practise think you've got FakeApp on your phone, a factory reset ought to accept care of it.

Now read: 25 Best Android Tips to Make Your Phone More Useful