Like other banking malware, it collects data such as login credentials, contact lists and SMS messages and uploads them directly to the malicious server. However, it has been updated numerous times, and the recently discovered version tries to steal users' credentials by using a deep link URL in the real Uber app.
A number of apps run by prominent Indian banks like the State Bank of India, Axis Bank, HDFC Bank, ICICI Bank, IDBI Bank, Union Bank of Commerce, and Bank of Baroda have so far been targeted by the trojan.
The malware Android.banker.A2f8a is being distributed through a fake Flash Player app on third-party stores. The Flash Player app is a popular target for cybercriminals due to its prevalence. This fake app asks users for administrative rights just after setup.
After installation completes, the icon is no longer shown to the user, even when he or she taps on it. As soon as it finds one of the targeted apps, it starts sending fake notifications that resemble the ones from the targeted apps.
According to Symantec, the trojan horse has a spoof version of the Uber app which periodically pops up on the user's device until it tricks them into entering their Uber ID and password.
"This case again demonstrates malware authors' never-ending quest for finding new social engineering techniques to trick and steal from unwitting users", the company added. "It is strongly advised to keep device OS and mobile security app up-to-date".
When the user enters the information, they aren't actually providing it to Uber; the malware is using the fake interface to steal the login information from the victim.
Furthermore, the malicious application can intercept all incoming and outgoing SMS messages on the infected device, which lets the attackers bypass two-factor verification.
As a precaution, Quick Heal has warned Android users to avoid downloading apps from third-party sources or from links sent via text messages or emails.
"Because this phishing technique requires consumers to first download a malicious app from outside the official Play store, we recommend only downloading apps from trusted sources", an Uber spokesperson told ZDNet.