Published: Sat, January 06, 2018
Economy | By Shawn Conner

This fake Uber app hijacks your password and covers its tracks

This fake Uber app hijacks your password and covers its tracks

The Android Banking Trojan forms part of a fake Flash Player on third-party stores.

Which Indian Banking Apps Are Targeted?

An Android banking trojan that targets more than 232 banking apps has been uncovered, targeting financial institutions globally.

No victor in the Powerball, estimated jackpot now $550M
As the jackpots for the Mega Millions and Powerball grow, so do the ticket sales, which means more funding for education. And the odds that you'll win $550 million in the Powerball drawing Saturday are similarly stacked against you.

Banking apps of lenders including Axis Bank, HDFC Bank, ICICI Bank, IDBI Bank and Union Bank are among those vulnerable.

Once they've done so, the malware avoids detection by using a deep link to the real Uber app to display a screenshot of what you'd expect to see when you logged into the app: your current location. However, this time security researchers warn about new Android malware that uses a sneaky method to steal user credentials, including a phone number or credit card details. Deep linking in Android is a way to identify a specific piece of content or functionality inside an app.

The typical recommendations apply-Symantec's advice is to make sure your software is up to date, refrain from downloading apps from unfamiliar sites, pay close attention to the permissions that apps request, make frequent backups, and of course it pitches installing a mobile security app such as Norton. The malicious app keeps working in the background while checking for one of the 232 banking apps. Once the malicious app find any one of these banking apps, it sends a notification prompt mimicking that app to lure users into opening it. That makes everything seem legitimate, but in reality, the user's data was transmitted to a remote server.

US FCC chairman cancels tech event appearance after threats
He had to halt his controversial vote to scrap the USA government's net neutrality rules in December after a bomb threat . Update: Recode is reporting that Pai's cancelled CES appearance is the result of death threats being made against him.

When the user enters the information, it isn't actually providing it to Uber; the malware is using the fake interface to steal the login information from the victim.

'When a customer has to enter sensitive information such as a PIN or one-time password into the same channel where they had logged in to their online banking platform or initiated a payment, for example, it enables a fraudster listening in on or tracking that channel to capture the sensitive information, ' he adds.

The fact that the malware can intercept all incoming and outgoing SMS from the infected device is important, given that this enables the attackers to bypass SMS-based two-factor authentication on the victim's bank account (OTP).

Hector Bellerin salutes Arsenal's fighting spirit in 2-2 draw with Chelsea
However, Jack Wilshere opened scoring in the second half, slotting the ball past Thibaut Courtois at the near post. After the draw against Chelsea, Wenger said: "When opinions always go the same way it's coincidence".

'Because this phishing technique requires consumers to first download a malicious app from outside the official Play store, we recommend only downloading apps from trusted sources.

Like this: