Cryptojacking applications discovered in Microsoft Store

When reporting on malicious applications, it is common to hear about their existence in third-party sources or the Google Play Store. While these have undoubtedly been hotspots for such activity; in truth, no source of applications is 100 percent safe from infiltration. Hackers will look for any viable source to plug in their flawed applications in hopes of gaining access to a large pool of victims to exploit.

It is this reality that Microsoft had to deal with recently when InfoSec researchers uncovered cryptojacking applications in the Microsoft Store. In a post on the Symantec Threat Intelligence blog, researchers Yuanjing Guo and Tommy Dong went into detail about their findings. They discovered a total of eight applications that used CPU power unbeknownst to the user to mine for cryptocurrency. The applications were Fast-search Lite, Battery Optimizer (Tutorials), VPN Browser+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile and Desktop Search.

Guo and Dong investigated further and uncovered that, while it appeared that the applications in question were created by three separate developers (DigiDream, 1clean, and Findoo), they, in fact, were “likely developed by the same person or group” since they “shared the same risky behavior.” Further study of the mining script, which was uncovered to be linked to the notorious Monero cryptomining Coinhive library, was what ultimately solidified this conclusion. In their own words, Yuanjing Guo and Tommy Dong found that “by monitoring the network traffic from these apps, we found that they all connect to the following remote location, which is a coin-mining JavaScript library: http://statdynamic.com/lib/crypta.js

Once Symantec notified Microsoft of the cryptojacking applications, the company promptly removed them from its store. It is not known how many people have been victims of these applications, but researchers estimate that the number is rather large. The best thing to do at this point is to check and see if you are using any of these applications and delete them as soon as possible. Additionally, you should always be aware of how your device is functioning and know when to be suspicious if it seems abnormally slow. Chances are this means you are being affected by cryptojacking.

Featured image: Flickr / Comparitech

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

8 risks that cybersecurity insurance can manage or mitigate

As cyberattacks become more common and more expensive to recover from, companies are considering cybersecurity insurance as part of their…

6 hours ago

Chips are down: PokerTracker.com hit by Magecart hackers

Users of the popular PokerTracker.com site are getting way more than they bet on thanks to a vulnerability that opened…

11 hours ago

Biggest 2019 website outages and what caused them

The major website outages that occurred so far this year due to systemic flaws and poor infrastructure are certainly a…

14 hours ago

Time’s up: Why you should change your password expiration policy

Forced password expirations are a relic from days gone by and may actually weaken security. Is it time to alter…

1 day ago

IBM updates cloud-native software with Red Hat OpenShift

IBM’s purchase of Red Hat is paying dividends for users optimizing their technology for the cloud era. Here’s more on…

1 day ago

Ease the frustration of managing Office 365 in your enterprise

Office 365 has brought many efficiencies to businesses, but administering and managing it can often be frustrating. Fortunately, CoreView has…

2 days ago