Android users should be on alert for a new malware variant which is posing as popular ride-hailing app Uber in an attempt to steal passwords, security researchers warn.

Experts from Symantec, a US-based cybersecurity company, said in a blog post published Wednesday (3 January) that they had discovered a new strain of the "FakeApp" malware, which was recently observed using a "quite novel and different monetisation technique."

They said it not only uses an overlay attack – mirroring real software in an attempt to dupe victims into revealing data – but also tries to cover up the heist.

"To avoid alarming the user, the malware displays a screen of the legitimate app that shows the user's current location, which would not normally arouse suspicion because that's what's expected of the actual app," explained Symantec threat expert Dinesh Venkatesan.

"This is where creators of this Fakeapp variant got creative," he continued. "To show the said screen, the malware uses the deep link URL of the legitimate app that starts the app's Ride Request activity, with the current location of the victim preloaded as the pickup point."

By exploiting the services of the real app, hackers have a better chance of staying hidden on a device. Meanwhile behind the scenes, stolen credentials are being sent to an external server.

Alongside passwords, one aim of the software – which is circulating on third-party markets – is to steal credit card details, which are often entered into mobile applications. According to Venkatesan, the FakeApp malware should now be "of particular concern to Uber users"/

In an email to The Daily Beast, an Uber spokesperson said: "We recommend only downloading apps from trusted sources." The public relations contact said that systems were already in place to help users "detect and block" unauthorised login attempts using hijacked passwords.

There is currently no evidence the variant has made its way to the official Google app store, meaning that the total number of infections is likely to remain relatively low at this time.

"This case again demonstrates malware authors' neverending quest for finding new social engineering techniques to trick and steal from unwitting users," Venkatesan wrote. Symantec said there are a number of steps Android users can take to stay protected:

  • Keep software up to date
  • Refrain from downloading apps from unfamiliar sites
  • Pay close attention to the permissions requested by apps
  • Make frequent backups of important data

On the dark web, an underground internet which is used by hackers to sell stolen credentials, login details are commonplace – and as a result, cheap. Single Uber accounts can cost as little as $1.