This is a cautionary tale of downloading apps you are not totally familiar with.
Two phishing apps made to look like the cryptocurrency exchange Poloniex infiltrated Google Play and tricked victims into downloading them.
Google removed the apps from Google Play after ESET researchers notified the company.
The bad guys used the Poloniex logo and visual identity to make the apps look like the real thing, the researchers said. They took advantage of the fact that the exchange never released an official mobile app.
The more popular of the apps – “POLONIEX” by a developer named “Poloniex” – existed on Google Play for a month and was downloaded by 5,000 users, ESET researchers said.
The other one – “POLONIEX EXCHANGE” by a developer named “POLONIEX COMPANY” – reached up to 500 installs before Google removed it from the store.
With both apps, once users installed and launched the app, they were asked to enter their Poloniex login credentials, ESET researchers said.
Once the attackers gained those credentials, the app would ask users to sign in with their Google Account, ostensibly for a “two-step security check.”
If they did so, the app would ask for permission to view and access their email messages and settings, and to view their basic profile info.
Once the attackers gained that permission, and in order to appear functional and legitimate, the app would direct users to the mobile version of the Poloniex site.
“With access to the user’s Poloniex account as well as to the associated Gmail account, the attackers can make transactions using the compromised account and erase any notifications about unauthorized login and transactions from the victim’s inbox,” ESET researchers said in a post.