Two credential-stealing apps on the Google Play store have targeted users of the popular cryptocurrency exchange Poloniex. The fake apps masquerade as the official Poloniex mobile app. Beyond collecting Poloniex login credentials, they also try to trick victims into granting the attackers access to their Gmail accounts.
Fake Apps Removed… For Now
These two apps have now been removed from Google Play after ESET researchers informed Google of their presence.
Poloniex is a leading cryptocurrency exchange where users can buy and trade more than 100 virtual currencies. Its popularity is the key reason more fraudsters are drawn to tricking its users.
With the increasing popularity of cryptocurrencies, many people new to the concept fall into traps. This happens due to a lack of knowledge about digital currency and how it’s traded. These fraudulent apps target newbies who are not fully aware of the number of scams targeting the crypto industry.
Cybercriminals use every opportunity they can to take over computing power and mine cryptocurrencies without the user's knowledge, hijacking machines' processing power via browsers and phishing attacks.
The Fraudulent Poloniex Apps
The first app slipped into the Play Store between August 28, 2017, and September 19, 2017, under the name “POLONIEX” and the developer label “Poloniex”. Even with bad reviews and mixed comments, the app was still installed by around 5,000 users.
The second app that sneaked into the Play Store was named “POLONIEX EXCHANGE” under the developer name “POLONIEX COMPANY”. The app was made available on October 15, 2017, and saw around 500 installs.
The apps were taken off the store after ESET’s notification to Google Play. Additionally, the researchers also informed Poloniex so the company could notify its clients to be careful of such fraudulent apps.
How These Fake Apps Steal Information
These malicious imposters use the apps first to harvest the victim's Poloniex credentials. To take over an account undetected, the attacker needs not only the Poloniex login details but also access to the email account that receives notifications of unauthorized logins and transactions.
To gain user trust, these apps try to disguise the functionality and appearance to match the legitimate app so there is low or no suspicion. Both the malicious apps use the same method to steal information:
The stealing process starts as soon as the app is launched. A fake screen appears requesting users to enter the Poloniex credentials. Once the user enters the details and clicks on “sign in” the information is directly sent to attackers.
Once the crooks have the Poloniex login credentials, their next task is to steal email login details. Users receive a prompt, seemingly from Google, asking them to sign in with their Google account for a “two-step security check”. If users “sign in” and mistakenly grant access to their email messages, the apps also gain control over their inbox.
With access to both Poloniex and email, attackers can carry out transactions and erase all notifications sent to the victim's inbox, resulting in full compromise of the account.
To appear less suspicious, these apps direct users to the official Poloniex website and ask them to sign in. The legitimate website opens every time the app launches, gaining users' trust.
Double Verification Service
If a user does not have two-step verification enabled on the account, the attacker gains control over it. This gives the hacker the ability to carry out any transaction in the user's name, lock them out of their account, or change any setting on their behalf.
If the user has two-factor verification enabled, the risk from imposter apps decreases. Poloniex offers its users a double verification system through Google Authenticator. The 2FA creates random login codes that users receive via voice call, text message or the Google Authenticator app. The imposter apps have no way to obtain these secure codes, so clients' accounts remain safe.
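As an added illustration of why a password harvested by a fake login screen is not enough once Google Authenticator is enabled (example code written for this article, not Poloniex's own system): a minimal RFC 6238 time-based one-time password check sitting in front of a login. The account record, its password and its authenticator secret are constructed demo values; the secret is the RFC 4226/6238 test-vector key so the codes can be checked against the standard.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret: bytes, timestamp: Optional[int] = None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from 30-second time steps."""
    if timestamp is None:
        timestamp = int(time.time())
    return hotp(secret, timestamp // step, digits)

# Constructed demo account. The secret is the RFC 6238 SHA-1 test key; a real
# service would store a per-user random secret shared only with the authenticator app.
ACCOUNT = {
    "user": "alice",
    "password": "hunter2",
    "totp_secret": b"12345678901234567890",
}
STEP = 30

def login(user: str, password: str, code: Optional[str], now: int) -> bool:
    """Return True only when password AND a valid current authenticator code are supplied."""
    if user != ACCOUNT["user"] or not hmac.compare_digest(password, ACCOUNT["password"]):
        return False
    if code is None:
        # A credential-stealing app that captured only the password stops here.
        return False
    # Accept the current window plus one step either side to tolerate clock drift.
    for drift in (-1, 0, 1):
        expected = totp(ACCOUNT["totp_secret"], now + drift * STEP)
        if hmac.compare_digest(code, expected):
            return True
    return False
```

With the password alone, `login("alice", "hunter2", None, 59)` is refused; adding the authenticator's code for that moment, `"287082"`, is what completes the sign-in.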
As a Poloniex user, always ensure two-factor authentication service is enabled wherever possible. Also, if you think you’ve been attacked by fake apps then immediately change the login credentials of your Poloniex and email accounts.
And of course, before downloading an app, always check its rating and comments.
Have you ever been, or almost been, fooled by a fake phishing app? Tell us about it in the comments.
Images via fake Poloniex apps, Pixabay