Fake Cryptocurrency Trading Apps Harvest Credentials and Steal Cash

in #blogs7 years ago (edited)

Hackers are targeting users of the cryptocurrency exchange Poloniex, with two credential-stealing apps that masquerade as official mobile apps for the service.

()
ESET researchers discovered them on Google Play, built to not only harvest Poloniex login credentials, but also to trick victims into making their Gmail accounts accessible.

“Poloniex is one of the world’s leading cryptocurrency exchanges with more than 100 cryptocurrencies in which to buy and trade,” the researchers said, in a blog. “With all the hype around cryptocurrencies, cyber-criminals are trying to grab whatever new opportunity they can—be it hijacking users’ computing power to mine cryptocurrencies via browsers or by compromising unpatched machines, or various scam schemes utilizing phishing websites and fake apps.”

Both apps work the same way: First, they display a bogus screen requesting Poloniex login credentials, which are then sent on to the attackers. With the logins in hand, attackers can carry out transactions on the user’s behalf, change their settings or even lock them out of their account by changing their password.

The next step is a prompt, seemingly on behalf of Google, asking them to sign in with their Google account “for two-step security check.” The apps then ask for permission to view the user’s email messages and settings, and basic profile info. If the user grants the permissions, the app gains access to their inbox.

“With access to the user’s Poloniex account as well as to the associated Gmail account, the attackers can make transactions using the compromised account and erase any notifications about unauthorized login and transactions from the victim’s inbox,” the researchers said.

Users with two-factor authentication enabled are safe from attack.

Finally, in order to appear functional, the malicious app directs the user to the mobile version of the legitimate Poloniex website, which requests the user to sign in. After logging in, the user can access and use the legitimate Poloniex website. From then on, the app will only open the legitimate website each time it’s launched. Users are thus none the wiser that criminals have duped them—until money starts disappearing from their accounts.

The first app the security team analyzed was an app simply dubbed POLONIEX, published under the developer name Poloniex. It saw 5,000 installs between August 28 and September 19, despite mixed ratings and bad reviews.

The second app, the similarly straightforwardly named POLONIEX EXCHANGE, from the developer name POLONIEX COMPANY, appeared on Google Play on October 15, and reached up to 500 installs last week.

Both apps have been removed from the store upon ESET’s notification to Google.

Sort:  

There is alot of malicious apps and scams in this market, my advice is to use only the most knowed because they are the ones that get analysed by alot of people
Thanks for sharing

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://www.infosecurity-magazine.com/news/fake-cryptocurrency-trading-apps/

Congratulations @tateconcepts! You have received a personal award!

1 Year on Steemit
Click on the badge to view your Board of Honor.

Do not miss the last post from @steemitboard:

SteemitBoard Ranking update - Resteem and Resteemed added

Support SteemitBoard's project! Vote for its witness and get one more award!

Congratulations @tateconcepts! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 2 years!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Do not miss the last post from @steemitboard:

SteemFest⁴ commemorative badge refactored
Vote for @Steemitboard as a witness to get one more award and increased upvotes!