Two password-stealing applications were recently discovered on Google Play, the official Android marketplace, and caught posing as popular US cryptocurrency exchange Poloniex.
The malicious software was designed by cybercriminals to help harvest credentials and trick victims into handing over access to their personal Gmail accounts, researchers found.
Experts from Eset, a Slovakian antivirus company, said this week (23 October) that both Google and the real Poloniex crypto exchange had been notified.
One of the apps, uploaded to the marketplace under the name Poloniex, had been installed up to 5,000 times between 28 August and 19 September.
A second rogue app, dubbed Poloniex Exchange, first appeared on 15 October this year and, before being removed, had gained up to 500 installs.
"Poloniex is one of the world's leading cryptocurrency exchanges with more than 100 cryptocurrencies in which to buy and trade," said Eset threat expert Lukas Stefanko.
"That alone makes it an attractive target for fraudsters of all kinds, but in this case, it was its lack of an official mobile app that the criminals used to their advantage."
Once launched, the app displayed a booby-trapped login screen requesting the user's details. If entered, the login credentials would be sent directly to the attacker's server.
Attackers would then be able to log in to modify passwords, settings and access rights.
Luckily, if two-factor authentication (2FA), an extra layer of security, was enabled on the legitimate Poloniex account then hackers would not be able to break through the defences.
If that first stage succeeded, the fraudsters could push a prompt through the malicious app asking users to sign in with their Gmail credentials – again in the hope of swiftly stealing them.
Once access to the targeted Poloniex account and its related Gmail account had been obtained, the hackers could make cryptocurrency transactions and cover their tracks, Eset said.
"With all the hype around cryptocurrencies, cybercriminals are trying to grab whatever new opportunity they can – be it hijacking users' computing power to mine cryptocurrencies or by compromising unpatched machines," Stefanko added in his blog post.
Users who have installed any Poloniex Android apps should urgently uninstall them and change any passwords associated with their exchange and Gmail accounts.
Below are the steps you can follow to avoid falling victim:
- Make sure the service you are using really offers a mobile app – if that is the case, the app should have a link on the service's official website.
- Pay attention to app ratings and reviews.
- Be cautious of third-party apps triggering alerts and windows that appear to be connected to Google – misusing users' trust in Google is a popular trick among cybercriminals.
- Use 2FA for an additional (and often crucial) layer of security.