After Apple and Google, the malefactors are turning their attention to the Microsoft app store as well. We have already reported several instances where the tech giants removed malicious cryptomining apps from Play Store or the App Store. This time, it is Microsoft doing the same thing. They removed eight malicious apps from the Microsoft Store that were used for cryptojacking.
Monero-Mining Apps Found On Microsoft App Store
Researchers at Symantec noticed the presence of malicious apps on the Microsoft app store. Upon scratching the surface, they found the apps secretly involved in cryptojacking.
The researchers discovered eight different applications from three developers behaving suspiciously. These apps supposedly offered device optimization features and facilitated users with other operations. For convenience and safety of users, Symantec has disclosed the names of these apps (shown below).
Cryptojacking apps removed from Microsoft Store (Source: Symantec)
All these eight apps belong to the developers Findoo, 1clean, and DigiDream. Researchers found them running on Windows 10, including the Windows 10 S Mode.
Regarding how these apps exploited the users’ devices, Symantec explained,
“As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers. The mining script then gets activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators.”
Symantec further revealed that the apps made use of the infamous Coinhive script for mining Monero. Regarding the script, they have explained the details in their blog post. Besides, they also found that the servers behind all these apps link back to the same origin. This indicated that the apps belonged to the same developers who simply used different names to publish them.
Microsoft Removed These Apps. What Next?
After the discovery, Symantec informed Microsoft and Google about the apps. Fortunately, Microsoft removed all these from the app store. The malicious JavaScript was also removed from Google Tag Manager.
While these apps no more exist on the Microsoft Store, it doesn’t mean putting an end to the threat. Therefore, the users should stay vigilant while making any download. Avoid downloading apps or other software from untrusted/unfamiliar sources. Carefully review the permissions before allowing access to an app. Keep your device updated, back up your data, and install a good anti-malware from a reputable vendor to ensure adequate protection.
