
Microsoft deletes eight cryptojacking apps from official store


Eight Windows 10 apps were found to be mining the Monero cryptocurrency without users' knowledge and were removed by Microsoft from its official store.

The apps that were removed included Fast-search Lite, Battery Optimizer (Tutorials), VPN Browsers+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile & Desktop Search.

These malicious apps were discovered by Symantec, a cyber security firm based in the US, which found that they were developed by three developers, namely DigiDream, 1clean, and Findoo. According to its report, the apps' source code and associated domains led the researchers to believe that all eight apps were developed by the same person or group, despite the different names.

They stated that all the apps worked the same way: each loaded the Google Tag Manager (GTM) library within its source code, through which it later downloaded and executed the actual malicious payload.

This last-stage code was a pirated version of the infamous Coinhive, a JavaScript library that hackers usually add secretly to hacked sites to mine Monero using visitors' browsers.
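Because the payload arrives through GTM at runtime, a scan of the packaged files alone sees only the loader. The triage sketch below is an added example, not Symantec's tooling or code from the apps; the function names, verdict labels, sample data and indicator patterns are assumptions chosen for illustration.

```javascript
// Added example. Indicator patterns are assumptions drawn from the public GTM
// snippet format and Coinhive's documented JavaScript API names.
const GTM_LOADER = /googletagmanager\.com\/gtm\.js\?id=(GTM-[A-Z0-9]+)/gi;
const MINER_PATTERNS = [
  { name: "coinhive-constructor", re: /\bCoinHive\.(Anonymous|User)\s*\(/ },
  { name: "coinhive-script", re: /coinhive(\.min)?\.js/i },
  { name: "cryptonight-reference", re: /cryptonight/i }, // Monero's hash algorithm
];

// Return the distinct GTM container IDs referenced in a source string.
function findGtmContainers(text) {
  const ids = new Set();
  for (const m of text.matchAll(GTM_LOADER)) ids.add(m[1].toUpperCase());
  return [...ids];
}

// Return the names of the miner indicators present in a source string.
function findMinerIndicators(text) {
  return MINER_PATTERNS.filter((p) => p.re.test(text)).map((p) => p.name);
}

// packaged: { path: source } shipped in the app package.
// fetched:  { url: body } scripts captured while the app was running.
function triageApp(packaged, fetched) {
  const gtm = new Set();
  const packagedHits = [];
  const runtimeHits = [];
  for (const [path, src] of Object.entries(packaged)) {
    findGtmContainers(src).forEach((id) => gtm.add(id));
    findMinerIndicators(src).forEach((hit) => packagedHits.push({ path, hit }));
  }
  for (const [url, body] of Object.entries(fetched)) {
    findMinerIndicators(body).forEach((hit) => runtimeHits.push({ url, hit }));
  }
  const verdict = packagedHits.length ? "miner-in-package"
    : runtimeHits.length ? "miner-loaded-at-runtime"
    : gtm.size ? "remote-script-loader-only" : "clean";
  return { gtmContainers: [...gtm], packagedHits, runtimeHits, verdict };
}

// Constructed sample: the package only carries the GTM loader ...
const SAMPLE_PACKAGED = {
  "index.html": "<script async src='https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE1'></script>",
};
// ... and the miner only shows up in a script fetched at runtime.
const SAMPLE_FETCHED = {
  "https://cdn.example.invalid/lib.js": "var m = new CoinHive.Anonymous('PLACEHOLDER_SITE_KEY'); m.start();",
};
console.log(triageApp(SAMPLE_PACKAGED, SAMPLE_FETCHED).verdict);
```

A "remote-script-loader-only" verdict is not a clean bill of health: it means the package can pull in arbitrary script later, so the fetched scripts have to be inspected as well.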

Besides hacked sites, the library has also been used in apps that can execute JavaScript code, such as game mods, Android and iOS apps, and Windows 10 apps. This is the first time such apps have been found on the Microsoft Store, Symantec told ZDNet.

These apps are categorized as Progressive Web Applications, which are installed as Windows 10 apps and run independently from the browser, in a standalone window. A malicious URL serving a mining script was detected and traced back to these applications, explained Tommy Dong, Senior Principal Software Engineer at Symantec.

Users who installed these apps might have noticed very high CPU usage, as the Coinhive miner used all available resources to mine Monero for the app developers.

As the Microsoft Store does not show the total number of downloads, it is not clear how many users have been affected. Since the apps have more than a thousand reviews, they seemed to be popular. Still, this can't be taken as accurate, as there are many online services that sell fake reviews for the Microsoft Store.

Such apps are commonly called cryptojacking apps or cryptominers. Cryptojacking refers to the practice of mining cryptocurrency without the knowledge of the user; today it is one of the most prevalent forms of cybercrime, and the hackers make millions of US dollars in profits.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
