

Users of popular cryptocurrency exchange Poloniex Inc. are being warned to be careful after the discovery of two password-stealing apps targeting them in the Google Play Store.
The apps, discovered by security researchers at ESET spol. s.r.o., were disguised as the legitimate Poloniex mobile app and harvested Poloniex login credentials. The fake apps are also claimed to try to trick victims into making their Gmail accounts accessible to the attackers.
The first of the malicious apps, named “POLONIEX” with a publisher name of “Poloniex,” appeared on Google Play between Aug. 28 and Sept. 19 and was installed by up to 5,000 users. The second app, titled “POLONIEX EXCHANGE” with a publisher name of “POLONIEX COMPANY,” is said to have appeared on Google Play on Oct. 15 and was installed by up to 500 people before being removed.
According to the researchers, Poloniex customers who had two-factor authentication turned on with their accounts were protected from the malicious apps.
The apps were not Poloniex’s fault, but the company has had a mixed history when it comes to security. Its site was hacked in 2014, and in August this year a hacker was found to be selling details of a vulnerability that allowed bad actors to bypass the 2FA and email authentication used by Poloniex.
The last case is notable because the hacker selling the tool publicly claimed to have decided to sell the vulnerability only after having first tried to do the right thing by informing Poloniex of the flaw in June. The company failed to act.
Poloniex users who may have installed the malicious applications are advised to uninstall them immediately and to change both their Poloniex and their Gmail passwords. The ESET researchers said that other Poloniex users, along with anyone concerned about fraudulent apps, should always make sure the service they are using has an official app.
The best way to do this is to check whether it is linked on the service’s official website. Users should always pay attention to app ratings and reviews, while also being cautious of third-party apps triggering alerts and windows appearing to be connected to Google.