The infamous Fakeapp Android malware is back, and this time it’s using deep linking to fool users into handing over Uber login credentials and related information like their current location. The malware can get onto a device in a number of ways, mostly as part of a fake or pirated app downloaded from outside of the Play Store. Once the newest variant of Fakeapp is on a user’s device, it will consistently pop up a prompt for the user to input their Uber login information. This prompt mimics the actual login screen from the Uber app. Once the user enters their credentials, the app attempts to lull them into a false sense of security by using a deep link to Uber’s ride request activity, pulling the user’s current location info to fill in the form. This means that some users may not suspect that anything is wrong.

The implications of such an approach, and of this malware in particular, are quite disconcerting. Enterprising hackers will seemingly stop at nothing to obtain users’ personal information, and the fact that malware creators are now resorting to deep linking into legitimate apps means that they may collectively be taking aim at a new form of social engineering, one designed to keep a user from being alarmed or figuring out that something has gone wrong until it’s too late. Stealing Uber information could potentially give thieves the ability to use a victim’s account to buy up Uber gift cards en masse as a form of stealing money; the thieves could then turn around and sell those gift codes. Naturally, since a user typically puts their credit or debit card information into the Uber app, a thief may be able to steal that information directly.

Symantec found the malware in the wild, across a variety of apps outside of the Play Store. Thankfully, most users should be safe if they get their apps from trusted sources, or at least run some sort of antivirus. Norton and Symantec products detect this one with no trouble, under the same banner as previous versions of Fakeapp. Older variations of Fakeapp have taken a somewhat similar approach, stealing other apps’ identities and fooling users into entering sensitive information, hence the name Fakeapp.