Security researchers have discovered at least three fraudulent apps on the Google Play store purportedly tied to the Poloniex cryptocurrency exchange.
An article posted on IT security firm ESET’s news site We Live Security details how two of the apps, respectively called "Poloniex" and "Poloniex Exchange," were put onto the Android app service and downloaded more than 5,500 times before being removed. Reportedly, Poloniex does not have an official Android app.
The news (as well as the existence of the apps) highlights the cybersecurity pitfalls of cryptocurrency, as the high-dollar value of some digital assets has drawn the attention of would-be fraudsters. In this case, the apps asked Poloniex users to enter their account credentials, granting the fraudsters access to the victim's emails – thus giving them the ability to alter passwords and delete any evidence of outbound transactions.
ESET wrote in the article:
The researchers could not say how many people may have been adversely affected by the fake apps. The article notes that Poloniex allows users to enable 2-factor authentication (2FA) to protect their accounts from this type of attack. If a user has 2FA enabled, the attackers would not be able to log into an account even with the appropriate credentials.
The first app, Poloniex, was on Google Play for about three weeks and saw 5,000 downloads before being taken down on Sept. 19, 2017. The second was in the store for a few days and was downloaded 500 times until it, too, was removed.
As of press time, a third app – "Poloniex - Bitcoin/Digital Asset Exchange" is still available on the Play store, with at least 1,000 downloads to date.
Theft image via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish, a cryptocurrency exchange, which in turn is owned by Block.one, a firm with interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets including bitcoin and EOS. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.