ESET security expert Lucas Stefanko discovered a suspicious application of the Poloniex exchange, the true purpose of which was the theft of user data. This is reported by The Next Web.
Lukas Steefanko Tweet
Stefanko notes that when he first came across this application, it was at the "bait stage", that is, redirected users to the real Poloniex site, while its developers accumulated a reputation and user base.
Once hundreds/thousands of users are logging into Poloniex through it, then it removes redirection and display only phishing screen to gain credential.
This time, Google quickly removed malicious software from its application store. Whether the attackers could realize their plan before the application was deleted is unknown.