This Fakeapp variant doesn't stop at presenting a copy of Uber's log-in screen. To give you a false sense of security and to prevent you from becoming suspicious and changing your password too soon, it even loads a screen from the legitimate app that shows your location after you press enter. It apparently does that by deep linking to a URL in the real application that starts up Ride Request activity using your location as the pick-up point.

Symantec says this case "demonstrates malware authors' neverending quest" to find new social engineering techniques to trick users. Its advice? The usual: make sure your software is updated, install reputable anti-malware apps and don't download from unfamiliar websites.

Update: An Uber spokesperson told Engadget: