Cryptocurrency miners found on Microsoft Store
Eight potentially unwanted applications (PUAs) found to contain code that secretly mines for Monero
Around eight potentially unwanted applications (PUAs) have been discovered on the Microsoft Store that use a victim's computer to mine cryptocurrency.
The apps, which included those for computer and battery optimisation, internet search, web browsers, and video viewing and download and came from three developers: DigiDream, 1clean, and Findoo, according to a blog post by security researchers at Symantec,
"The mining script then gets activated and begins using the majority of the computer's CPU cycles to mine Monero for the operators. Although these apps appear to provide privacy policies, there is no mention of coin mining on their descriptions on the app store," researchers said.
When each app is launched, a web domain is silently visited in the background and triggers GTM with the key GTM-PRFLJPX, which is shared across all eight applications.
The apps were put on the app store between April and December 2018, the investigation found. And while the apps were only on the store for a short time, a significant number of users may have downloaded them. Researchers said that there were almost 1,900 ratings posted for these apps.
The apps in question are Fast-search Lite, Battery Optimizer (Tutorials), VPN Browsers+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile & Desktop Search apps. Researchers said that they have informed Microsoft and Google about these apps, and they have since been removed from the store.
The news comes at a time when app stores are coming under increased pressure to improve the effectiveness of their app vetting procedures. Google's Play Store has long been criticised for hosting malicious applications, including those that host so-called 'cryptojacking' code and spyware.
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Evaluate your order-to-cash process
15 recommended metrics to benchmark your O2C operationsDownload now
AI 360: Hold, fold, or double down?
How AI can benefit your businessDownload now
Getting started with Azure Red Hat OpenShift
A developer’s guide to improving application building and deployment capabilitiesDownload now