The news has not been kind to Uber in recent months, with several scandals and discriminatory allegations plaguing the company that has transformed transport in the modern era. The company is once again in the news, though this time through no fault of its own.
A new malware making the rounds on Android is using the company's app - more specifically, trying to mimic it - in order to fool users into giving away their credentials. The way it works is by sending out pop-ups for the users to enter their login and password, posing as the Uber app.
Once they've done so, the malware avoids detection by using a deep link to the real Uber app to display a screenshot of what you'd expect to see when you logged into the app: your current location. The nasty piece of software was first discovered by Symantec, which had this to say about it:
“To avoid alarming the user, the malware displays a screen of the legitimate app that shows the user’s current location, which would not normally arouse suspicion because that’s what’s expected of the actual app. This case again demonstrates malware authors’ neverending quest for finding new social engineering techniques to trick and steal from unwitting users.”
Thankfully, the errant software cannot be found on the Play Store and therefore unless you're downloading apps from other sources, which is often not a good idea, you should be safe. Symantec adds that they don't expect the malware to see widespread distribution and that those affected should be concentrated in Russian-speaking countries and only limited in number.
Uber issued a statement cautioning users from downloading apps from sources other than the Play Store but also assured them that in case they do make a mistake, the company has "a collection of security controls and systems in place to help detect and block unauthorized logins even if you accidentally give away your password.”