Eight Malicious Crypto-Mining Apps Removed From Microsoft’s Windows App Store
Microsoft has removed eight applications from its Windows App Store that were mining Monero crypto-currency without the knowledge of users.
The eight illicit crypto-jacking Windows 10 applications were discovered by the cybersecurity company Symantec in January this year. Apparently, these apps were published in the Microsoft Store between April and December 2018, but many of them were published only towards the end of the year.
“On January 17, we discovered several potentially unwanted applications (PUAs) on the Microsoft Store that surreptitiously use the victim’s CPU power to mine cryptocurrency. We reported these apps to Microsoft and they subsequently removed them from their store,” Symantec said in a blog post.
For those unfamiliar, crypto-jacking, also often referred to as drive-by mining, is the practice whereby hackers and websites host sections of code that secretly siphon off your computer’s central processing unit (CPU) power to mine cryptocurrency, making money for the offenders.
According to Symantec, all eight apps are likely developed by the same person or group. “The apps – which included those for computer and battery optimization tutorials, internet search, web browsers, and video viewing and download – came from three developers: DigiDream, 1clean, and Findoo. In total, we discovered eight apps from these developers that shared the same risky behavior. After further investigation, we believe that all these apps were likely developed by the same person or group,” Symantec added.
All the malicious apps ran on Windows 10, including Windows 10 S Mode, and were Progressive Web Apps (PWAs). These are web applications that load like regular web pages or websites but can offer user functionality such as working offline, push notifications, and device hardware access traditionally available only to native applications. PWAs combine the flexibility of the web with the experience of a native application.
Ironically, Microsoft’s Windows 10 S Mode is the most secure Windows 10 version, as it restricts app downloads to the Microsoft Store.
“As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers. The mining script then gets activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators. Although these apps appear to provide privacy policies, there is no mention of coin mining on their descriptions on the app store,” Symantec said.
The eight crypto-jacking apps were published in the Store by three developers, “DigiDream”, “1clean”, and “Findoo”. These apps are Fast-search Lite, Battery Optimizer (Tutorials), VPN Browser+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile & Desktop Search.
The eight apps collectively boasted over 1,900 reviews. However, since app ratings can be fraudulently inflated, it is currently unclear how many of these app ratings and downloads are legitimate.
If you have installed any of the above-mentioned apps, uninstall them as soon as possible. Keep your software up to date, avoid downloading apps from unfamiliar sites, and install apps only from trusted sources. Also, closely monitor the CPU and memory usage of your computer or device.
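One way to act on the CPU-monitoring advice above, as an added example that is not from Symantec or the original article: a PowerShell script that flags processes holding a large share of the CPU for an entire sampling window, which is the usage pattern a background miner produces. The threshold, interval and sample count are assumed values, and the counter path assumes an English-language Windows installation.

```powershell
# Added example: report processes that stay above a CPU threshold in every
# sample of the window. All parameter defaults are assumptions; tune them.
param(
    [int]$ThresholdPercent = 50,  # share of total machine CPU treated as suspicious
    [int]$IntervalSeconds  = 5,   # seconds between samples
    [int]$Samples          = 6    # window length = IntervalSeconds * Samples
)

$cores = [Environment]::ProcessorCount

# One sample set per interval. Processes that exit mid-run raise non-fatal
# errors, which are suppressed here.
$sets = Get-Counter -Counter '\Process(*)\% Processor Time' `
            -SampleInterval $IntervalSeconds -MaxSamples $Samples `
            -ErrorAction SilentlyContinue

$sets.CounterSamples |
    Where-Object { $_.InstanceName -notin '_total', 'idle' } |
    Group-Object Path |   # Path keeps same-named instances apart (name#1, name#2)
    ForEach-Object {
        # CookedValue is a percentage of one core; divide by the core count
        # to get a percentage of the whole machine.
        $pct = @($_.Group | ForEach-Object { $_.CookedValue / $cores })
        $min = ($pct | Measure-Object -Minimum).Minimum

        # Report only processes present in every sample and never below the
        # threshold: a short spike is normal, a sustained plateau is not.
        if ($_.Count -eq $Samples -and $min -ge $ThresholdPercent) {
            [pscustomobject]@{
                Instance   = $_.Group[0].InstanceName
                MinPercent = [math]::Round($min, 1)
                AvgPercent = [math]::Round(($pct | Measure-Object -Average).Average, 1)
            }
        }
    }
```

A process listed here is not necessarily a miner (video encoding and compilation look the same), so treat the output as a prompt to check what the process is and which app launched it.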
Source: Symantec