Although we always recommend downloading applications from official stores on every platform, malicious tools sometimes turn up even there, as in the Android store. Recently, two phishing apps were found posing as the official application of the cryptocurrency exchange Poloniex. Both have already been removed from Google Play after researchers from the security firm ESET notified Google of their existence. The attackers used Poloniex's own logo and visual identity to make users believe the application was legitimate, and they also took advantage of the fact that the company has never released an official mobile application.
Partly because everything related to cryptocurrency is, for one reason or another, on everyone's lips lately, the fake tools impersonating Poloniex managed to stay in the official Google store for almost a month. Both operated in the same way: users downloaded and installed the application and, once it was launched, were asked to enter their Poloniex access credentials.
Once those credentials were sent to the attackers, the application asked them to log in with their Google account, supposedly for a two-step security check.
Again phishing tools in the Android Play Store
Once all the terms were accepted and the requested credentials entered, the fake application requested permission to view and access the user's e-mails and settings, as well as the basic information in their profile. Once this permission had been granted, and so that everything would appear functional and legitimate, the tool directed users to the mobile version of the Poloniex site.
However, with access to the user's Poloniex account as well as the associated Gmail account, attackers can now conduct transactions using the compromised account and delete any notifications about logins and unauthorized transactions from the victim's inbox. Users who fell into the trap but had two-factor authentication (2FA) enabled on their Poloniex account would be safe from theft. Even so, if they granted access to their Gmail account, they should change its password as soon as possible, and the same should be done for the Poloniex account.