Cryptojacking applications discovered in Microsoft Store

When reporting on malicious applications, it is common to hear about their existence in third-party sources or the Google Play Store. While these have undoubtedly been hotspots for such activity; in truth, no source of applications is 100 percent safe from infiltration. Hackers will look for any viable source to plug in their flawed applications in hopes of gaining access to a large pool of victims to exploit.

It is this reality that Microsoft had to deal with recently when InfoSec researchers uncovered cryptojacking applications in the Microsoft Store. In a post on the Symantec Threat Intelligence blog, researchers Yuanjing Guo and Tommy Dong went into detail about their findings. They discovered a total of eight applications that used CPU power unbeknownst to the user to mine for cryptocurrency. The applications were Fast-search Lite, Battery Optimizer (Tutorials), VPN Browser+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile and Desktop Search.

Guo and Dong investigated further and uncovered that, while it appeared that the applications in question were created by three separate developers (DigiDream, 1clean, and Findoo), they, in fact, were “likely developed by the same person or group” since they “shared the same risky behavior.” Further study of the mining script, which was uncovered to be linked to the notorious Monero cryptomining Coinhive library, was what ultimately solidified this conclusion. In their own words, Yuanjing Guo and Tommy Dong found that “by monitoring the network traffic from these apps, we found that they all connect to the following remote location, which is a coin-mining JavaScript library: http://statdynamic.com/lib/crypta.js

Once Symantec notified Microsoft of the cryptojacking applications, the company promptly removed them from its store. It is not known how many people have been victims of these applications, but researchers estimate that the number is rather large. The best thing to do at this point is to check and see if you are using any of these applications and delete them as soon as possible. Additionally, you should always be aware of how your device is functioning and know when to be suspicious if it seems abnormally slow. Chances are this means you are being affected by cryptojacking.

Featured image: Flickr / Comparitech

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

Forbes hit by Magecart payment card skimming attack

The cybercriminals behind the Magecart payment card skimming hacks are at it again, and this time the venerable publication Forbes…

6 hours ago

Top 10 IT infrastructure certifications that can supercharge your career

Certifications can be a career-booster for IT pros. These IT infrastructure certifications can ensure your success in a hot and…

8 hours ago

Need to know? Checking the last logon username and time

You may want to know the last logon username for your Windows client computer and production server. With PowerShell, get…

10 hours ago

Google Cloud, ServiceNow announce new integrations

A new partnership between Google Cloud and ServiceNow makes digital workflows faster and more efficient, especially for IT operations.

12 hours ago

Windows Terminal offers helpful features for command-line users

Get your geek on! A new Windows Terminal application for command-line users includes tons of new features requested by community…

1 day ago

It’s all in your hands: Devising a winning cybersecurity strategy

Developing a robust cybersecurity strategy is one of your most effective tools for preventing an attack. But how do you…

1 day ago