Cryptojacking applications discovered in Microsoft Store

When reporting on malicious applications, it is common to hear about their presence in third-party sources or the Google Play Store. While these have undoubtedly been hotspots for such activity, in truth no source of applications is 100 percent safe from infiltration. Attackers will look for any viable distribution channel for their malicious applications in the hope of reaching a large pool of victims to exploit.

It is this reality that Microsoft had to deal with recently when InfoSec researchers uncovered cryptojacking applications in the Microsoft Store. In a post on the Symantec Threat Intelligence blog, researchers Yuanjing Guo and Tommy Dong went into detail about their findings. They discovered a total of eight applications that used the device's CPU, without the user's knowledge, to mine cryptocurrency. The applications were Fast-search Lite, Battery Optimizer (Tutorials), VPN Browser+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile and Desktop Search.

Guo and Dong investigated further and found that, while the applications in question appeared to come from three separate developers (DigiDream, 1clean, and Findoo), they were in fact “likely developed by the same person or group” since they “shared the same risky behavior.” Further study of the mining script, which turned out to be linked to the notorious Coinhive library for mining Monero, was what ultimately solidified this conclusion. In their own words, Yuanjing Guo and Tommy Dong found that “by monitoring the network traffic from these apps, we found that they all connect to the following remote location, which is a coin-mining JavaScript library: http://statdynamic.com/lib/crypta.js”
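The network observation above is the kind of indicator a defender can turn into a detection. As an added illustration, not part of this article or of Symantec's report, the Python check below scans proxy log lines for requests to the library URL quoted above, matching on host and path so that a capitalised host, an explicit port or a cache-busting query string does not slip past; the log layout and the sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit

# Indicator quoted in the Symantec write-up: the coin-mining JavaScript library
# that all eight applications were observed fetching.
MINER_LIBRARY_URL = "http://statdynamic.com/lib/crypta.js"

# Constructed sample proxy log (not real data), one request per line in an
# assumed "timestamp client_ip method url status" layout.
SAMPLE_PROXY_LOG = """\
2019-02-15T10:01:02Z 10.0.0.12 GET http://statdynamic.com/lib/crypta.js 200
2019-02-15T10:01:05Z 10.0.0.12 GET https://example.com/index.html 200
2019-02-15T10:02:11Z 10.0.0.31 GET http://STATDYNAMIC.COM:80/lib/crypta.js?v=2 200
2019-02-15T10:03:40Z 10.0.0.44 GET https://example.net/lib/crypta.js 200
2019-02-15T10:04:09Z 10.0.0.12 GET http://statdynamic.com/lib/crypta.js 200
malformed line that should be skipped
"""


def _host_and_path(url: str):
    """Return (lowercased hostname, path) for a URL, ignoring port, query and fragment."""
    parts = urlsplit(url)
    return parts.hostname, parts.path


def matches_miner_library(url: str) -> bool:
    """True when the request targets the same host and path as the known miner library."""
    return _host_and_path(url) == _host_and_path(MINER_LIBRARY_URL)


def flag_miner_clients(log_text: str) -> dict:
    """Scan proxy log text and return {client_ip: hit_count} for every client
    that fetched the miner library; those endpoints are where the mining
    applications should be looked for and removed."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed layout
        _timestamp, client_ip, _method, url, _status = fields
        if matches_miner_library(url):
            hits[client_ip] = hits.get(client_ip, 0) + 1
    return hits


if __name__ == "__main__":
    for client, count in sorted(flag_miner_clients(SAMPLE_PROXY_LOG).items()):
        print(f"{client}: {count} request(s) for the coin-mining library")
```

Matching on the exact host keeps a same-named path on an unrelated site (the example.net line) from raising a false alarm, while still catching the variant spellings of the real host.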

Once Symantec notified Microsoft of the cryptojacking applications, the company promptly removed them from its store. It is not known how many people have been affected by these applications, but the researchers estimate that the number is rather large. The best thing to do at this point is to check whether you are using any of these applications and delete them as soon as possible. Additionally, you should always be aware of how your device normally behaves and treat it as suspicious if it becomes abnormally slow: a sudden, persistent slowdown is one of the more common signs that a cryptojacking application is running.

Featured image: Flickr / Comparitech

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
