This site may earn affiliate commissions from the links on this page. Terms of use.

Equally shortly every bit there were smartphones, there was malware for smartphones. The wealth of personal data on a mobile device makes it a tempting target for internet ne'er-do-wells, and they're getting quite clever when it comes to fooling users into compromising their security. The latest malware scare is a nasty bit of code for Android chosen FakeApp. Every bit the name implies, it pretends to be another app to steal data. In this example, it'southward pretending to be Uber.

The FakeApp trojan was discovered by security firm Symantec through its regular monitoring of Android apps. The trojan takes over the user'due south screen at regular intervals, interrupting what you're doing. Usually existence noticed is not want malware wants, just this trojan is using a fleck of social engineering to flim-flam users into willingly giving away their personal data.

When FakeApp appears, it impersonates the Uber app. It insists the user needs to log into the app with their registered phone number and password. Anyone who inputs that data will be giving data away to the bad guys. The theft is covered upwards by the app using Uber'south deep linking URI to pull upwardly the "request ride" activity next. That makes everything seem legitimate, but in reality, the user's data was transmitted to a remote server.

One time the malware creators have a list of phone numbers, they can sell them to other scammers. Passwords are potentially more than valuable, as many people don't apply unique logins like they should and an Uber password could get the thieves into plenty of other accounts. When coupled with a phone number and SIM hijacking, the scammers might even be able to get into accounts protected with 2-factor authentication.

The good news here is information technology's not easy to get bitten past FakeApp. It'due south a standard Android app — it's not using any disquisitional security flaws to infiltrate your organization. That means you demand to download an APK file containing FakeApp, change your system settings to allow "unknown sources," and then open the APK to manually install.

Symantec says the all-time mode to avoid this threat is simply to make sure you lot aren't downloading apps from outside the Google Play Store. Shady third-political party app repositories specializing in pirated apps are just places FakeApp has been detected. Steer clear of those places and don't install suspicious APKs, and y'all'll be fine. If you do remember you've got FakeApp on your telephone, a factory reset ought to have care of it.

Now read: 25 Best Android Tips to Make Your Telephone More Useful