Avid cryptocurrency traders ought to be extra careful what apps they download from Google’s Play Store – especially if they do their trading on popular exchange desk Poloniex.
ESET security researcher Lukas Stefanko has stumbled upon a malicious Poloniex copycat app designed to phish your credentials and steal your funds.
The researcher noted that when he first discovered the app, it was still in its “feeding phase” – meaning that it was set to redirect to the official Poloniex website until it had built up trust and a large enough user base.
“Once hundreds/thousands of users are logging into Poloniex through it, then it removes redirection and display only phishing screen to gain credentials,” Stefanko told TNW.
I found fake @Poloniex app on Google Play in a feeding phase.
After start, opens phishing web with redirection to legit Poloniex. If there is large user base then there won't be any redirection. pic.twitter.com/0UYMV9yIDA
— Lukas Stefanko (@LukasStefanko) March 28, 2018
The good thing is that it appears Google was swift to remove the malicious app from the Play Store. “It was removed from the Play Store after I tweeted about it,” Stefanko told us.
It remains unclear whether the attackers were able to swipe any credentials, but we’ve reached out to the Big G for a clarification and will update this piece accordingly, should we hear back.
In other news, Poloniex was recently acquired by Goldman Sachs-backed payment company Circle for a reported fee of $400 million.
For the record, this is hardly the first time a malicious app has slipped through the cracks to end up on Google’s mobile software distribution platform. Indeed, a couple of months ago Ethereum thieves were targeting Android users with fraudulent copycats of popular cryptocurrency wallet MyEtherWallet on Google Play.
Update: Google has since told us that they “always act swiftly to remove apps from Google Play that violate our policies.”
Published March 28, 2018 — 09:31 UTC