It's the latest in Android malware that incorporates the real and the fake to steal your information and then hide the fact it just did.
For starters, Symantec says, there is the overlay trick: "To avoid alarming the user, the malware displays a screen of the legitimate app that shows the user’s current location, which would not normally arouse suspicion because that’s what’s expected of the actual app."
In addition, it may request your credentials or re-entering of your credit card data. Perhaps you have second thoughts about that, so the malware uses deep links to really pull you in:
"This is where creators of this Fakeapp variant got creative. To show the said screen, the malware uses the deep link URI of the legitimate app that starts the app’s Ride Request activity, with the current location of the victim preloaded as the pickup point."
So even if you've given information away, it appears on screen as if all is well - the bad actor's tracks are covered.
Read more about it here.
