Two phishing apps that were made to look like the official app of popular cryptocurrency exchange Poloniex have been booted off Google Play after ESET researchers notified Google of their existence.
About the removed apps
The miscreants have used the Poloniex logo and visual identity to create the illusion of a legitimate app, but have also taken advantage of the fact that the exchange never released an official mobile app.
The more popular of the apps – “POLONIEX” by a developer named “Poloniex” – managed to persist on Google Play for nearly a month, and was installed by up to 5000 users.
The other one – “POLONIEX EXCHANGE” by a developer named “POLONIEX COMPANY” – reached up to 500 installs before being removed from the store.
Both operated in the same way: users would install the app, and once they launched it, they were asked to enter their Poloniex login credentials. Once those credentials were sent to the attackers, the app would ask them to sign in with their Google Account, ostensibly for a “two-step security check”.
If they did so, the app would ask for permission to view and access their email messages and settings, and to view their basic profile info.
Once that permission was granted, and in order to appear functional and legitimate, the app would direct users to the mobile version of the Poloniex site.
“With access to the user’s Poloniex account as well as to the associated Gmail account, the attackers can make transactions using the compromised account and erase any notifications about unauthorized login and transactions from the victim’s inbox,” the researchers noted.
Users who have fallen for these tricks but have two-factor authentication (2FA) enabled on their Poloniex account should be safe from getting robbed. But if they’ve given the app access to their Gmail account, they should revoke it and change their password immediately. Changing the compromised Poloniex account password is also a good idea, and removing the malicious apps from the device is an obvious good move.
Not the first time, nor the last
This is not the first time that Poloniex users have been targeted with an impostor Poloniex app on Google Play.
Other instances of fake Poloniex apps for other platforms were spotted last year, and prompted the operators of the exchange to say that they have never released, nor do they have plans to release, a downloadable application. “Any offer of a Poloniex Application is malicious,” they noted at the time.
A quick search of “Poloniex” on Google Play reveals a truckload of apps that offer some service or other tied to Poloniex, including another one that misuses the Poloniex logo: “Poloniex – Bitcoin/Digital Asset Exchange” by a developer named “MIT Service”.
Judging by some of the user comments, and by the fact that the app asks users to enter their Poloniex account credentials, this is likely also a phishing app.