When reporting on malicious applications, it is common to hear about their existence in third-party sources or the Google Play Store. While these have undoubtedly been hotspots for such activity; in truth, no source of applications is 100 percent safe from infiltration. Hackers will look for any viable source to plug in their flawed applications in hopes of gaining access to a large pool of victims to exploit.
It is this reality that Microsoft had to deal with recently when InfoSec researchers uncovered cryptojacking applications in the Microsoft Store. In a post on the Symantec Threat Intelligence blog, researchers Yuanjing Guo and Tommy Dong went into detail about their findings. They discovered a total of eight applications that used CPU power unbeknownst to the user to mine for cryptocurrency. The applications were Fast-search Lite, Battery Optimizer (Tutorials), VPN Browser+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile and Desktop Search.
Once Symantec notified Microsoft of the cryptojacking applications, the company promptly removed them from its store. It is not known how many people have been victims of these applications, but researchers estimate that the number is rather large. The best thing to do at this point is to check and see if you are using any of these applications and delete them as soon as possible. Additionally, you should always be aware of how your device is functioning and know when to be suspicious if it seems abnormally slow. Chances are this means you are being affected by cryptojacking.
Featured image: Flickr / Comparitech