Cryptojacking applications discovered in Microsoft Store

When reporting on malicious applications, it is common to hear about their existence in third-party sources or the Google Play Store. While these have undoubtedly been hotspots for such activity; in truth, no source of applications is 100 percent safe from infiltration. Hackers will look for any viable source to plug in their flawed applications in hopes of gaining access to a large pool of victims to exploit.

It is this reality that Microsoft had to deal with recently when InfoSec researchers uncovered cryptojacking applications in the Microsoft Store. In a post on the Symantec Threat Intelligence blog, researchers Yuanjing Guo and Tommy Dong went into detail about their findings. They discovered a total of eight applications that used CPU power unbeknownst to the user to mine for cryptocurrency. The applications were Fast-search Lite, Battery Optimizer (Tutorials), VPN Browser+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile and Desktop Search.

Guo and Dong investigated further and uncovered that, while it appeared that the applications in question were created by three separate developers (DigiDream, 1clean, and Findoo), they, in fact, were “likely developed by the same person or group” since they “shared the same risky behavior.” Further study of the mining script, which was uncovered to be linked to the notorious Monero cryptomining Coinhive library, was what ultimately solidified this conclusion. In their own words, Yuanjing Guo and Tommy Dong found that “by monitoring the network traffic from these apps, we found that they all connect to the following remote location, which is a coin-mining JavaScript library: http://statdynamic.com/lib/crypta.js

Once Symantec notified Microsoft of the cryptojacking applications, the company promptly removed them from its store. It is not known how many people have been victims of these applications, but researchers estimate that the number is rather large. The best thing to do at this point is to check and see if you are using any of these applications and delete them as soon as possible. Additionally, you should always be aware of how your device is functioning and know when to be suspicious if it seems abnormally slow. Chances are this means you are being affected by cryptojacking.

Featured image: Flickr / Comparitech

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

Microsoft exposed 250 million users’ private records in December

Microsoft exposed roughly 250 million customer service and support records last month. While the company says it secured all servers,…

4 hours ago

Keep a lid on your AWS cloud goodies with breach and attack simulation

If you store business data in the AWS cloud, you need to secure it against unauthorized access. A breach and…

7 hours ago

Amazon SES unveils new Bring Your Own IP feature

You’ve heard of Bring Your Own Device, and now there’s Bring Your Own IP. Here’s a look at this useful…

24 hours ago

Why API security is becoming the next big challenge

The shift to REST APIs has an unintended consequence for DevOps: new attack vectors. A security expert walks us through…

1 day ago

Can ‘silent meetings’ solve your IT planning woes?

Companies are adopting the concept of silent meetings as a way to make business meetings more productive. Does this work?

1 day ago

CES 2020: Latest innovations in laptops and smartphones

CES 2020 was more than just wild gadgets and crazy gizmos. There were some serious unveilings of new smartphones and…

2 days ago