The open web can be a dangerous place for cryptocurrency users. Phishing, trojans, and social engineering all come with the territory, ensuring that even the savviest of bitcoin-holders must remain alert. Within the walled gardens of Apple and Google’s app stores, however, there’s an assumption that if a mobile app has been vetted and downloaded in the thousands, it must be safe. That assumption couldn’t be further from the truth, as scores of users have discovered to their peril.
Fake Apps with Real Consequences
Neither Google Play nor the App Store is immune from its share of fake, spammy, or fraudulent apps. But it is Android users who tend to suffer most at the hands of unscrupulous developers. One of the most egregious apps, which has hoodwinked thousands of users, is simply named Poloniex. Despite purporting to be the “Poloniex ® Offical App” [sic] of the popular cryptocurrency exchange, it is nothing of the sort. Its description boasts of such features as “Possible powerfull [sic] exchange BTC or altcoins.”
For users only taking a cursory glance at the app before hitting “Download”, it is easy to be taken in by the familiar logo and screenshots from the trading platform. A close inspection reveals a string of typos, suggesting that all is not right, an assessment which is borne out by the app’s average rating of just one star, based on 162 reviews.
The average web user might think twice before clicking on a suspicious email link, but will scarcely scrutinize the top result that appears in an app store. Judging by the hundreds of disgruntled comments, the “Poloniex ® Offical App” does nothing more than steal users’ account credentials followed by their coins…