According to a recent report by cyber security firm ESET, two malicious Android apps have recently been removed from the Google Play store. They were made to look like an official application of the cryptocurrency exchange Poloniex in an attempt to obtain user credentials and, presumably, to steal funds.
The apps, in what was essentially a phishing scam, took advantage of the fact that Poloniex had no official mobile app, only a website optimized for mobile. They used the logo and visual identity of Poloniex to pass as an official app and, once the credentials were stolen, simply redirected users to the mobile website of the exchange.
Of the two, the more popular application was called "POLONIEX", created by a developer named "Poloniex", and was installed by up to 5,000 users. It was available on Google Play for about a month before it was removed.
The other application, named "POLONIEX EXCHANGE", was published by "POLONEX COMPANY" and only received 500 installations before it was removed. After discovering these applications, ESET informed Google, which removed them, and Poloniex.
Both applications worked the same way. After launching, they asked users to enter their Poloniex login credentials on a phishing page, and then showed users a fake Google alert asking them to sign in to their Google Account for a "two-step security check" that required permission to view the user's e-mail messages, settings, and basic profile information.
Entering these credentials gave the apps' operators enough to take over a user's account and to trade freely on stolen accounts, because they could then delete security emails about unauthorized logins or withdrawals. ESET's report reads:
"With access to the user's Poloniex account as well as the associated Gmail account, hackers can perform transactions using the compromised account and clear any notifications of unauthorized connections and transactions from the victim's mailbox."
Notably, users who had set up two-factor authentication (2FA) and who might have fallen for the phishing scam should be safe, since the bad actors were unable to access the user's Google Authenticator application. Nevertheless, it is advisable that they revoke the granted access and immediately change their Google and Poloniex passwords.
Other malicious Poloniex applications
ETHNews noted that a third fraudulent Poloniex application may be available on the Google Play Store. It is called "Poloniex – Bitcoin / Digital Asset Exchange" and is offered by a developer called "MIT Service". As the outlet notes, there is no reason to believe that the Massachusetts Institute of Technology is affiliated with it. It already has between 1,000 and 5,000 downloads, and also mirrors the Poloniex mobile website.
In the past, other fake Poloniex applications have been spotted on other platforms, to the point that traders have warned users not to use them.
DISCLAIMER: We have received reports of a phishing email that refers to an impostor site offering a Poloniex desktop application. This is malicious.
– Poloniex Exchange (@Poloniex) May 31, 2016
To stay safe, ESET advised users to make sure that the services they use offer a mobile app, to always pay attention to the ratings and reviews of apps, and to use 2FA. In addition, users should be cautious about requests that appear to come from Google, because cyber criminals are known to take advantage of Google's trusted reputation.