Fraudulent Poloniex Exchange Trading Apps On Google Play Discovered


ESET is warning users of the Poloniex exchange that malicious apps on the Google Play app store seek to gain access to their accounts. The apps harvest users’ credentials during setup after installation, then direct users to the mobile website of the cryptocurrency exchange. Meanwhile, the criminals take control of the accounts and steal their contents.

Poloniex App Malware

Between the end of August and the middle of October, two different malware apps were released to Google Play and installed by thousands of Android users, as reported on the blog of the Irish branch of the computer security company ESET.

The apps used phishing schemes with authentic-looking images, screen designs, and instruction text to convince users to enter both their Poloniex exchange credentials and Gmail credentials. Poloniex was targeted not only because it is a popular Bitcoin and altcoin exchange, but also because the company has yet to release any official mobile apps.

Although the number of installations is known, experts have yet to assess how many users actually had their accounts compromised or how much cryptocurrency may have been stolen.

The Offending Apps

Beginning August 28, 2017, until its removal on September 19, 2017, a malicious app called “POLONIEX” from the publisher simply called “Poloniex” was installed by as many as 5000 users. Another app called “POLONIEX EXCHANGE” from the “POLONIEX COMPANY” was released on October 15, 2017, and gained nearly 500 downloads before being taken out of the Google Play store.

Both operated in a similar way, as previously described, but Poloniex users who had enabled 2FA were protected. The phishing scam had no way of accessing the secret seed used in setting up 2FA, nor could the attackers turn 2FA off, since that would have required a one-time passcode generated by the 2FA.

At least two more suspicious apps have been released and are still available for download. One is called “Poloniex – Bitcoin/Digital Asset Exchange”, while the other is “POLONIEX ®”. Both have very critical ratings and reviews. Also, the support email in each case is directed to a poloniex.com domain to make it appear more authentic, even though Poloniex does not have an official mobile app.

What You Can Do

Firstly, if you have these apps, delete them immediately. Even if you did not use them, consider changing both your Poloniex and Gmail passwords. Additionally, ESET made the following recommendations:

  • Make sure the service you’re using really offers a mobile app – if that’s the case, the app should be linked on the service’s official website
  • Pay attention to app ratings and reviews
  • Be cautious of third party apps triggering alerts and windows appearing to be connected to Google – misusing users’ trust towards Google is a popular trick among cybercriminals
  • Use 2FA for an additional (and often crucial) layer of security
  • Use a reliable mobile security solution; ESET products detect these credential stealers as Android/FakeApp.GV

The importance of using 2FA cannot be overstated. In this scam, it clearly protected users, and you should always use the feature if available. Note that Two-Step Verification (2SV) is not as secure as 2FA because 2SV checks can be cleared either by SMS message or email; if the 2SV was configured to the same Gmail account that was also hijacked, then the criminals could also defeat the check.

Which brings up two other good security practices: do not reuse passwords, and do not reuse email addresses.
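The 2FA protection described above, as an added example that is not code from ESET or Poloniex: a toy account model using RFC 6238 TOTP, showing that a phished password without the secret seed can neither log in nor turn 2FA off. The `Account` class, the password and the seed (the RFC 6238 test seed) are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)

def totp(seed, unix_time, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1 with dynamic truncation (RFC 4226)."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical server-side account; not the exchange's real API."""
    def __init__(self, password, seed=None):
        self.password = password
        self.seed = seed  # shared once at 2FA setup, never typed at login

    def _code_ok(self, code, now):
        if self.seed is None:      # 2FA not enabled: password alone decides
            return True
        if code is None:           # 2FA enabled but no code supplied
            return False
        return hmac.compare_digest(code.encode(), totp(self.seed, now).encode())

    def login(self, password, code, now):
        pw_ok = hmac.compare_digest(password.encode(), self.password.encode())
        return pw_ok and self._code_ok(code, now)

    def disable_2fa(self, password, code, now):
        # Turning 2FA off demands a current passcode, as the article notes.
        if not self.login(password, code, now):
            return False
        self.seed = None
        return True

def demo(now=59):
    seed = b"12345678901234567890"              # constructed: RFC 6238 test seed
    victim = Account("correct-horse", seed)     # constructed password
    phished = "correct-horse"                   # all a fake login form collects
    return {
        "phished_password_only": victim.login(phished, None, now),
        "attacker_disables_2fa": victim.disable_2fa(phished, None, now),
        "owner_with_code": victim.login("correct-horse", totp(seed, now), now),
        "account_without_2fa": Account("correct-horse").login(phished, None, now),
    }

if __name__ == "__main__":
    print(demo())
```

This model accepts only the code for the current 30-second step; production verifiers commonly also accept an adjacent step to tolerate clock drift.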
