One of the most popular cryptocurrency exchanges, Poloniex, has fallen prey to cybercriminals. Because Poloniex has no official mobile app, fraudsters were able to lure users into downloading credential-stealing malware posing as one.
ESET security researchers discovered variations of the app in the Google Play store on two separate occasions:
- “Poloniex”, which was downloaded up to 5,000 times, despite having bad reviews
- “POLONIEX EXCHANGE” using the developer name “POLONIEX COMPANY”, was downloaded by up to 500 users
The app harvested Poloniex login credentials and also tricked victims into granting it access to their Gmail accounts, which let the attackers control the notifications users would otherwise receive about unauthorized logins and transactions. Once the victim had been exploited, the app tried to appear functional by redirecting users to the mobile version of the legitimate Poloniex website.
If you're a Poloniex user and have installed any of these malicious apps on your device, start by uninstalling them. Make sure to change both your Poloniex and Gmail passwords, and consider enabling two-factor authentication for both services.
ESET research team
Both Google and Poloniex have been notified of the malicious imposters. To avoid similar attacks, users are advised to double-check any app before downloading and using it, to pay attention to app ratings and reviews, and to be wary of third-party apps that trigger alerts or windows appearing to come from Google.