BEWARE: Cybercriminals Dupe Poloniex Traders Using Password Stealing App
Malicious hackers are harvesting personal login credentials of cryptocurrency traders using official Android apps masquerading as the popular exchange Poloniex. The discovery was made on Tuesday by researchers from ESET, a Slovakian antivirus company. The team of experts has notified both Google and the real Poloniex exchange.
Over 5,000 victims fell for a fake app called ‘Poloniex' between 28 August and September 19. Cybercriminals used an app named ‘Poloniex' posing as an official app to lure victims into voluntarily sharing their credentials. After downloading and installing the app from the marketplace, a prompt requested users to login via a booby-trapped login screen. Any inputted account keys were set to route to the hacker's servers automatically.
Reportedly, users who had a 2-factor authentication (2FA) security in place managed to escape deeper levels of intrusion.
Lukas Stefanko, a threat expert from ESET, explained why it was so easy to dupe users on an official blog:
"Poloniex is one of the world's leading cryptocurrency exchanges with more than 100 cryptocurrencies in which to buy and trade. That alone makes it an attractive target for fraudsters of all kinds, but in this case, it was its lack of an official mobile app that the criminals used to their advantage."
This attack is not a one-off case. Poloniex has in the past issued multiple warnings to its users urging them to be cautious of impostor apps and websites, like in 2016 when the exchange tweeted:
"WARNING: There's an impostor Poloniex app in the Google Play Store. Do not use this; it may be malicious. There is no official Poloniex app."
Searching through Google Play at the time of publishing, Cryptovest uncovered a truckload of similar apps purporting to offer services related to Poloniex. Some such as ‘Poloniex - Bitcoin/Digital Asset' even went as far as using Poloniex's official logo.
With no official app, this attempt on users will likely persist.
The attacks are perhaps symptomatic of the vast amounts of value that flow through cryptocurrency exchanges and the hands of traders, currently valued at $171 billion. Cybercriminals are grabbing at any opportunity on a long list of sophisticated attacks including hijacking computer resources remotely to mine cryptocurrencies, launching hoax apps and websites to phish for sensitive data or undermining unpatched systems.
In previous years, the worst attacks have seen exchanges lose over $2 billion at today's valuation to successful cyber attacks.
Stay up to date with market trends and exclusive news!
News • Interviews • Events • ICOs • Reviews • Education • Glossary • About • Contact
Stay up to date with market trends and exclusive news!
Thanks for subscribing!
You're one step away from getting industry's latest news and updates. Please check your inbox/spam for a confirmation email and click on the link to confirm your subscription.