An article posted on the ESET’s news site “We Live Security” details how two applications, respectively called Poloniex and Poloniex Exchange, were placed on the Android application service and loaded more than 5500 times before being deleted. It is reported that Poloniex has no official application for Android.
The news also highlights the problems of cybersecurity of the cryptocurrency, because the high cost of some digital assets attracted the attention of potential scammers. In this case, the applications asked Poloniex users to enter their account credentials, giving scammers access to the victim's e-mails - thus allowing them to change passwords and remove any evidence of outgoing transactions.
Researchers could not say how many people may have been suffered from fake applications. The article notes that Poloniex allows users to enable two-factor authentication (2FA) to protect their accounts from this type of attack. If a user has 2FA enabled, the attackers would not be able to log in to the account, even with the appropriate credentials.
The first application, Poloniex, was on Google Play for about three weeks and saw 5,000 downloads before they were removed on September 19, 2017. The second one was in the store for several days and was downloaded 500 times, until it was also deleted.
As of the press time, the third application, "Poloniex - Bitcoin / Digital Asset Exchange", is still available on the Play Store, with at least 1000 downloads to date.
|