Cryptojacking applications discovered in Microsoft Store

When reporting on malicious applications, it is common to hear about their existence in third-party sources or the Google Play Store. While these have undoubtedly been hotspots for such activity; in truth, no source of applications is 100 percent safe from infiltration. Hackers will look for any viable source to plug in their flawed applications in hopes of gaining access to a large pool of victims to exploit.

It is this reality that Microsoft had to deal with recently when InfoSec researchers uncovered cryptojacking applications in the Microsoft Store. In a post on the Symantec Threat Intelligence blog, researchers Yuanjing Guo and Tommy Dong went into detail about their findings. They discovered a total of eight applications that used CPU power unbeknownst to the user to mine for cryptocurrency. The applications were Fast-search Lite, Battery Optimizer (Tutorials), VPN Browser+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile and Desktop Search.

Guo and Dong investigated further and uncovered that, while it appeared that the applications in question were created by three separate developers (DigiDream, 1clean, and Findoo), they, in fact, were “likely developed by the same person or group” since they “shared the same risky behavior.” Further study of the mining script, which was uncovered to be linked to the notorious Monero cryptomining Coinhive library, was what ultimately solidified this conclusion. In their own words, Yuanjing Guo and Tommy Dong found that “by monitoring the network traffic from these apps, we found that they all connect to the following remote location, which is a coin-mining JavaScript library: http://statdynamic.com/lib/crypta.js

Once Symantec notified Microsoft of the cryptojacking applications, the company promptly removed them from its store. It is not known how many people have been victims of these applications, but researchers estimate that the number is rather large. The best thing to do at this point is to check and see if you are using any of these applications and delete them as soon as possible. Additionally, you should always be aware of how your device is functioning and know when to be suspicious if it seems abnormally slow. Chances are this means you are being affected by cryptojacking.

Featured image: Flickr / Comparitech

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Share
Published by
Derek Kortepeter

Recent Posts

wpDiscuz WordPress plugin: Critical vulnerability found and patched

Users of the wpDiscuz interactive comment WordPress plugin should implement a new patch as soon…

18 hours ago

Data lifecycle management: Policies and procedures for security and compliance

With the amount of electronic information consistently growing, data lifecycle management is crucial for compliance…

23 hours ago

Deploy Windows from the cloud to on-premises hardware? Yes, you can

Wouldn’t it be nice if you could deploy Windows from the cloud while sipping an…

4 days ago

Blackbaud data breach after ransomware attack hits universities, nonprofits

Blackbaud, a cloud services provider focused on the education sector and nonprofits, suffered a data…

4 days ago

Sending email from Linux terminal: Efficient and powerful solution

Knowing how to send email from the Linux command line is important, especially when you…

5 days ago

Family Tree Maker genealogy software experiences data breach

A data breach affecting popular genealogy software Family Tree Maker has been discovered and patched,…

5 days ago