To cover up the credential theft, this malware uses deep links to Uber's legitimate app to display the user's current location - making it appear as though the user is accessing the Uber app instead of a malicious fake.
The Trojan malware, named "Android.banker.A9480", is designed to steal personal data from users, Quick Heal Security Labs reports. "It is also strongly advised to keep device OS and mobile security app up-to-date".
Symantec was one of the first groups to spot this fake app, which, when installed, presents users with a convincing copy of the Uber app. The targeted apps include mobile banking apps of Axis Bank, HDFC Bank (regular and LITE versions), SBI Anywhere Personal, iMobile by ICICI Bank, IDBI Bank (Go Mobile and Go Mobile+) and Union Bank. Once users download the malicious application, they get several prompts to activate administrative rights. Once this is done, the malicious app hides its icon soon after the user taps on it. Among the targeted banking apps, a few belong to banks in India.
This malware has been found searching for 232 apps related to banking and cryptocurrency services, as per the Quick Heal blog post. The blog post by Quick Heal Security Labs drew attention to the existence of this malware, named "Android.banker.A9480", which targets over 232 banking, cryptocurrency and e-commerce apps.
"If the user clicks on the notification, they are shown a fake login screen to steal the user's confidential info like net banking login ID and password", Quick Heal said.
However, just like other similar data-stealing malware, Android.Fakeapp also asks the user to enter credit card details or a phone number. Hence it can obtain the OTP even if two-factor authentication is enabled on the bank account. The public relations contact said that systems were already in place to help users "detect and block" unauthorised login attempts using hijacked passwords.
Users are being advised by banks and internet security firms to avoid downloading any apps from third-party app stores or from links provided in SMS messages or emails.
Still, it's a good reminder for users not to download apps from untrusted sources - sticking to the Google Play store is a good idea - and to expect sophistication from malicious apps.
As an extra precaution, go through the list of permissions every app requests from you during installation.