Avid cryptocurrency traders ought to be extra careful what apps they download from Google’s Play Store – especially if they do their trading on popular exchange desk Poloniex.
ESET security researcher Lukas Stefanko has stumbled upon a malicious Poloniex copycat app designed to phish your credentials and steal your funds.
The researcher noted that when he first discovered the app, it was still in its “feeding phase” – meaning that it was set to redirect to the official Poloniex website until it has built up trust and a large enough user base.
“Once hundreds/thousands of users are logging into Poloniex through it, then it removes redirection and display only phishing screen to gain credentials,” Stefanko told TNW.
I found fake @Poloniex app on Google Play in a feeding phase.
After start, opens phishing web with redirection to legit Poloniex. If there is large user base then there wont be any redirection. pic.twitter.com/0UYMV9yIDA— Lukas Stefanko (@LukasStefanko) March 28, 2018
The good thing is that it appears Google was swift to remove the malicious app from the Play Store. “It was removed from the Play Store after I tweeted about it,” Stefanko told us.
It remains unclear whether the attackers were able to swipe any credentials, but we’ve reached out to the Big G for a clarification and will update this piece accordingly, should we hear back.
In other news, Poloniex was recently acquired by Goldman Sachs-backed payment company Circle for a reported fee of $400 million.
For the record, this is hardly the first time a malicious app has slipped through the cracks to end up on Google’s mobile software distribution platform. Indeed, a couple of months ago Ethereum thieves were targeting Android users with fraudulent copycats of popular cryptocurrency wallet MyEtherWallet on Google Play.
Update: Google has since told us that they “always act swiftly to remove apps from Google Play that violate our policies.”
Get the TNW newsletter
Get the most important tech news in your inbox each week.