Detected Cryptojacking Prompts Microsoft to Remove Eight Free Apps from Microsoft Store



United States-based software corporation Microsoft has removed eight Windows 10 applications from its official app store after cybersecurity firm Symantec identified the presence of surreptitious Monero (XMR) coin mining code. The news was reported by Symantec on Feb. 15.

Stealth crypto mining, also known as cryptojacking, works by installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. According to Symantec, the firm first detected malicious XMR mining code within eight apps — issued by three developers — on Jan. 17.

After Symantec alerted Microsoft, the corporation is reported to have removed all eight products — although an exact date for their delisting is not provided.

The applications — which were marketed as part of the top free app listings on the Microsoft Store — reportedly included “a computer and battery optimization tutorial, internet search, web browsers, and video viewing and download,” and were issued by developers “DigiDream, 1clean and Findoo.” Upon closer investigation, Symantec has proposed that all eight apps have in fact likely been developed by the same person or group, rather than by three distinct entities.  

All the detected samples reportedly run on Windows 10, including Windows 10 S Mode, and were variously published between April and December 2018. They reportedly work by triggering Google Tag Manager in their domain servers to fetch a coin-mining JavaScript library. Once the mining script is activated, the target computer’s CPU cycles are hijacked to mine XMR for the app developers.

Symantec representatives told technology news website ZDNet that this is the first time cryptojacking cases have been found on the Microsoft Store. The apps’ stealth success reportedly stems from the fact that they run independently from the browser in a standalone (WWAHost.exe process) window. Moreover, they have “no throttling which means [they can use] up 100% of user’s CPU time.”
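The behaviour described above (a WWAHost.exe process with no throttling, holding the CPU near 100%) can be hunted for in endpoint telemetry. The following is an added example, not code from Symantec or the original article; the thresholds, the sampling format and the sample data are constructed assumptions.

```python
from collections import defaultdict

HOST_PROCESS = "wwahost.exe"  # host process for the standalone app window named in the article
CPU_THRESHOLD = 90.0          # assumption: percent of total CPU treated as "unthrottled"
MIN_DURATION = 120            # assumption: seconds of continuous load before flagging

# Constructed telemetry: (seconds since start, process name, pid, CPU % of total capacity).
SAMPLES = (
    # A store app that stays pinned near 100% for five minutes.
    [(t, "WWAHost.exe", 4120, 98.0) for t in range(0, 301, 30)]
    # A store app with a single short spike (normal rendering or startup work).
    + [(t, "WWAHost.exe", 5300, cpu)
       for t, cpu in zip(range(0, 151, 30), [12, 95, 15, 8, 10, 9])]
    # A busy browser: out of scope here, since the article's apps run outside the browser.
    + [(t, "chrome.exe", 880, 96.0) for t in range(0, 301, 30)]
)

def sustained_high_cpu(samples, threshold=CPU_THRESHOLD, min_duration=MIN_DURATION):
    """Return {pid: longest_run_seconds} for WWAHost.exe processes whose CPU
    stayed at or above `threshold` for at least `min_duration` seconds."""
    by_pid = defaultdict(list)
    for ts, name, pid, cpu in samples:
        if name.lower() == HOST_PROCESS:
            by_pid[pid].append((ts, cpu))

    flagged = {}
    for pid, points in by_pid.items():
        points.sort()
        run_start, longest = None, 0
        for ts, cpu in points:
            if cpu >= threshold:
                if run_start is None:
                    run_start = ts          # a new high-CPU run begins
                longest = max(longest, ts - run_start)
            else:
                run_start = None            # any dip below threshold ends the run
        if longest >= min_duration:
            flagged[pid] = longest
    return flagged

if __name__ == "__main__":
    for pid, seconds in sustained_high_cpu(SAMPLES).items():
        print(f"WWAHost.exe pid {pid}: >= {CPU_THRESHOLD}% CPU for {seconds}s")
```

A flagged process is a lead for triage, not proof of mining: the next step is to identify which installed store app owns that WWAHost.exe instance and what scripts it loads.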

As Symantec notes, while the suspect apps all provided privacy policies, they unanimously omitted any mention of cryptocurrency mining. The firm’s analysis identified the strain of mining malware enclosed in the apps as being the web browser-based Coinhive XMR mining code.

Symantec says it has not been able to determine precise download or installation statistics, but observes that the apps received almost 1,900 ratings — whether or not these accurately reflect real users, or fraudulent bots, is difficult to ascertain.

Aside from Microsoft’s action to delist the apps, the mining JavaScript has also reportedly been removed from Google Tag Manager, following Symantec’s alert.

As reported, recent research from cybersecurity research firm Kaspersky Lab has revealed that cryptojacking overtook ransomware as the biggest cybersecurity threat — particularly in the Middle East, Turkey and Africa.


COINTELEGRAPH
