The open web can be a dangerous place for cryptocurrency users. Phishing, trojans, and social engineering all come with the territory, ensuring that even the savviest of bitcoin holders must remain alert. Within the walled gardens of Apple and Google’s app stores, however, there’s an assumption that if a mobile app has been vetted and downloaded in the thousands, it must be safe. That assumption couldn’t be further from the truth, as scores of users have discovered to their peril.
Fake Apps with Real Consequences
Neither Google Play nor the App Store is immune from its share of fake, spammy, or fraudulent apps. But it is Android users who tend to suffer most at the hands of unscrupulous developers. One of the most egregious apps, which has hoodwinked thousands of users, is simply named Poloniex. Despite purporting to be the “Poloniex ® Offical App” [sic] of the popular cryptocurrency exchange, it is nothing of the sort. Its description boasts of such features as “Possible powerfull [sic] exchange BTC or altcoins.”
Seems legit. Isn’t legit.
For users taking only a cursory glance at the app before hitting “Download”, it is easy to be taken in by the familiar logo and screenshots from the trading platform. A close inspection exposes a string of typos, suggesting that all is not right, an assessment which is borne out by the app’s average rating of just one star, based on 162 reviews.
The average web user might think twice before clicking on a suspicious email link, but will scarcely scrutinize the top result that shows up in an app store. Judging by the hundreds of disgruntled comments, the “Poloniex ® Offical App” does nothing more than steal users’ account credentials followed by their coins.
Who’s to Blame?
The Poloniex app is by no means the only fraudulent one of its kind – there are at least five apps bearing the Poloniex name on Google Play alone. One of the reasons why Poloniex has been so easy to impersonate is that the exchange lacks its own official mobile app. This leaves a void which scammers have been only too happy to fill. If Poloniex were to issue its own app, as most of its peers from Coinbase to Bitfinex have done, it would eliminate or hide most of the imitations in one fell swoop.
It would also help if Poloniex did more to distance itself from third-party apps; its Twitter account hasn’t passed comment on the matter since early 2018, and thousands of users have since been duped. The blame game doesn’t stop there though: Google Play also deserves criticism for not weeding out these apps and, to a lesser extent, users should be more alert to the signs that such apps are blatantly fake.
“Eternal vigilance is the price of liberty – power is ever stealing from the many to the few.” Those words were written by Wendell Phillips over a century ago, but they apply equally today. Scammers will attempt every possible attack vector to find a vulnerable target; there have even been reports of fake telephone support purporting to be from Coinbase and Kritiseren. These hoaxes, which typically emanate from India, are merely an updated version of the Windows telephone support scam.
While the cryptocurrency space attracts its share of chancers, this problem is not isolated: over one million people downloaded a fake version of WhatsApp from the Google Play store, while Bankbot malware, which steals passwords and 2FA details, has been deleted twice by Google, only to show up again, most recently under the name of ‘Crypto currencies market prices’.
Stay Safe and Think Before You Click
Users seeking to install a mobile app for their preferred cryptocurrency exchange, ticker or wallet would be advised to click on links from the official exchange, ticker or wallet website rather than risk stumbling upon a fraudulent version within an app store. Even when clicking on legitimate links, however, it pays to be cautious.
One security company recently probed the 90 most popular Android cryptocurrency apps, which have millions of downloads. Their findings? 94% used outdated encryption, 66% didn’t use encryption at all and 44% used hard-coded passwords stored in plain text.
While Apple’s ecosystem isn’t entirely squeaky clean, the bulk of the issues with fraudulent or poorly coded apps emanate from Android. Cryptocurrency holders who cherish their security may determine the safest bet is to reserve their trading for desktop and keep their cell phone for price checks.
Who do you think should bear the blame for users installing fraudulent apps? Let us know in the comments section below.