ESET security researcher Lukas Stefanko recently took to Twitter to reveal that he’s found a fake Poloniex app on Google Play trying to gather the login credentials of cryptocurrency exchange users. The app pretended to belong to cryptocurrency exchange Poloniex, and was set to steal user credentials after gaining their trust.
Stefanko notes that he discovered the app while it was still going through its “feeding phase.” This means that the fake Poloniex app was redirecting users to the exchange’s official website, until it built a large enough user base. Its plan was to then be to switch the official website with a phishing screen.
Speaking to The Next Web, the researcher said:
“Once hundreds/thousands of users are logging into Poloniex through it, then it removes redirection and display only phishing screen to gain credentials.”
I found fake @Poloniex app on Google Play in a feeding phase.
After start, opens phishing web with redirection to legit Poloniex. If there is large user base then there wont be any redirection. pic.twitter.com/0UYMV9yIDA
— Lukas Stefanko (@LukasStefanko) March 28, 2018
The security researcher shared his findings on Twitter and presumably reported the app to Google Play. Google was seemingly efficient at protecting its users, as at press time the app is no longer available on the tech giant’s app store.
Whether the attackers managed to obtain any user’s login credentials is unclear, although it’s known other phishing campaigns are ongoing. As covered by Core Media, Poloniex staff have earlier this year denied rumors the company had been hacked, as a database of phished credentials surfaced.
Not the first fake Poloniex app
This is notably not the first time a malicious, fake Poloniex app made its way to Google Play. As Core Media reported late last year, this has happened before, with security researchers being on top of the issue at the time.
Poloniex itself, which has recently been acquired by Goldman Sachs-backed payments company Circle for a reported price of $400 million, has even had to publicly tweet about said apps in the past to keep users informed.
Fake apps for MyEtherWallet have also been found on Google Play. Their goal, naturally, was to trick Android users into entering their private keys, so they could then steal their funds.