Cryptocurrency miners found on Microsoft Store

Eight potentially unwanted applications (PUAs) found to contain code that secretly mines for Monero


Around eight potentially unwanted applications (PUAs) have been discovered on the Microsoft Store that use a victim's computer to mine cryptocurrency.

The apps, which included those for computer and battery optimisation, internet search, web browsers, and video viewing and download and came from three developers: DigiDream, 1clean, and Findoo, according to a blog post by security researchers at Symantec,

Advertisement - Article continues below

The researchers said that as soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers.

"The mining script then gets activated and begins using the majority of the computer's CPU cycles to mine Monero for the operators. Although these apps appear to provide privacy policies, there is no mention of coin mining on their descriptions on the app store," researchers said.

When each app is launched, a web domain is silently visited in the background and triggers GTM with the key GTM-PRFLJPX, which is shared across all eight applications.

Researchers said that while GTM is a legitimate tool that allows developers to inject JavaScript dynamically into their applications, these malicious developers abused this to conceal malicious or risky behaviours.

The apps were put on the app store between April and December 2018, the investigation found. And while the apps were only on the store for a short time, a significant number of users may have downloaded them. Researchers said that there were almost 1,900 ratings posted for these apps.

Advertisement - Article continues below
Advertisement - Article continues below

The apps in question are Fast-search Lite, Battery Optimizer (Tutorials), VPN Browsers+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile & Desktop Search apps. Researchers said that they have informed Microsoft and Google about these apps, and they have since been removed from the store. 

The mining JavaScript has also been removed from Google Tag Manager.

The news comes at a time when app stores are coming under increased pressure to improve the effectiveness of their app vetting procedures. Google's Play Store has long been criticised for hosting malicious applications, including those that host so-called 'cryptojacking' code and spyware.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now



10 quick tips to identifying phishing emails

16 Mar 2020
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular


Zoom kills Facebook integration after data transfer backlash

30 Mar 2020
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
data breaches

Marriott data breach exposes personal data of 5.2 million guests

31 Mar 2020
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020