ETHERLive
ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.

---

24hr ---
--%
Friday Dec 15th 2017
RESOURCES

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More
SUBMIT

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story

Explanation

Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
---
--%
Home
News
Etherlive
Ether Price Analysis
Resources
Contact Us

Fraudulent Poloniex Apps Discovered On Google Play

By

Matthew

De Silva

WriterETHNews.com

On Monday, ESET reported that users of Poloniex have been targeted by fraudulent apps listed on Google Play. ESET discovered two “credential stealing apps” masquerading as mobile apps for the cryptocurrency exchange.

On October 23, 2017, IT security company ESET published a blog post describing how fake Poloniex mobile apps listed on Google Play (the app store for the Android operating system) are duping unsuspecting users of the cryptocurrency exchange. The apps reportedly harvest login credentials for Poloniex and attempt to compromise the Gmail accounts of victims to bypass two-factor authentication (2FA).

Poloniex does not have an official mobile app. It is unclear exactly how many users have been compromised as a result of these phishing attempts, and it’s not immediately apparent how much cryptocurrency might have been stolen.

So far, two malicious Poloniex apps have been discovered, according to Lukas Stefanko, a malware analyst at ESET.

The first fraudulent app was posted as “POLONIEX” with the developer listed as “Poloniex.” It received as many as 5,000 installations. The second app was posted as “POLONIEX EXCHANGE” and the developer was listed as “POLONIEX COMPANY.” It received as many as 500 installations before being removed when ESET notified Google Play.

A third fraudulent application might have been posted. “Poloniex – Bitcoin/Digital Asset Exchange,” offered by “MIT Service” was updated on October 18, 2017, and has received between 1,000 and 5,000 installations. There is no reason to believe that Massachusetts Institute of Technology is affiliated in any way. One indication of the app’s questionable authenticity is the polarized concentration of one-star and five-star reviews.

ESET closed its warning with guidelines for users to protect themselves from fraud:

  • Make sure the service you’re using really offers a mobile app – if that’s the case, the app should be linked on the service’s official website
  • Pay attention to app ratings and reviews
  • Be cautious of third party apps triggering alerts and windows appearing to be connected to Google – misusing users’ trust towards Google is a popular trick among cybercriminals
  • Use 2FA for an additional (and often crucial) layer of security
  • Use a reliable mobile security solution; ESET products detect these credential stealers as Android/FakeApp.GV

Other attack vectors that scammers have used in the past include Slack and Google Ads.

Matthew De Silva

Matthew is a writer with a passion for emerging technology. Prior to joining ETHNews, he interned for the U.S. Securities and Exchange Commission as well as the OECD. He graduated cum laude from Georgetown University where he studied international economics. In his spare time, Matthew loves playing basketball and listening to podcasts. He currently lives in Los Angeles. Matthew is a full-time staff writer for ETHNews.

ETHNews is commited to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest Poloniex, Google Play or other Ethereum wallets and exchanges news.