itb-au logo
Story image

Cryptomining apps discovered on Microsoft’s app store

18 Feb 2019

Symantec found eight apps on Microsoft's app store that mine the cryptocurrency Monero without the user's knowledge.

In January, Symantec discovered several potentially unwanted applications (PUAs) on the Microsoft Store that surreptitiously use the victim’s CPU power to mine cryptocurrency. 

These were Fast-search Lite, Battery Optimizer (Tutorials), VPN Browser+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile & Desktop Search.

Symantec reported these apps to Microsoft, and they have subsequently removed them from their store.

The apps — which included those for computer and battery optimisation tutorial, and video viewing and download — came from three developers: DigiDream, 1clean, and Findoo.  

In total, Symantec discovered eight apps from these developers that exhibited the same risky behaviour.

After further investigation, it is believed that all these apps were likely developed by the same person or group. 

Symantec Asia Pacific and Japan cybersecurity strategy manager Nick Savvides says that this points to a wider trend of crypto-related crybercrime as cybercriminals go where the money is.  

“Cybercriminals have gamed all of the app store processes of major platforms to get applications approved. There are a number of techniques that have used to avoid the generally automated detection and approval systems. Cybercriminals continue to evolve and increase the sophistication and complexity of their tactics.”

Users may get introduced to these apps through the top free apps lists on the Microsoft Store or through keyword search.  

The samples found ran on Windows 10, including Windows 10 S Mode.

Savvides adds that since the apps listed are all signed apps, they would have executed their malicious script, even in Windows’ high-security S Mode.

As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers.  

The mining script then gets activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators.  

Although these apps appear to provide privacy policies, there is no mention of coin mining on their descriptions on the app store.

Mitigation

Stay protected from online threats and risks by taking these precautions:

  • Keep your software up to date.

  • Do not download apps from unfamiliar sites.

  • Only install apps from trusted sources.

  • Pay close attention to the permissions requested by apps.

  • Pay close attention to CPU and memory usage of your computer or device.

  • Install a suitable security app, such as Norton or Symantec Endpoint Protection, to protect your device and data.

  • Make frequent backups of important data.

Story image
Webinar: The future of data centres in the face of climate change
Digital Realty has today announced a webinar based on its recent report exploring the role of data centres within the climate change debate, and will explore the viable solutions available to help data centre operators fight the rising tide of environmental challenges.More
Story image
Q&A: StorageCraft director on how backup and recovery has changed in 2020
Techday spoke to StorageCraft international product marketing senior director Florian Malecki, who discusses the importance of backup and recovery, the products and solutions that StorageCraft offers in this field, and the revenue opportunities partners can capitalise on. More
Story image
The ins and outs of cloud-native computing
For businesses and other organisations that want to get the most out of their approach to the cloud, cloud-native computing may provide the answer, writes Gigamon country manager for A/NZ George Tsoukas.More
Story image
E-waste becoming a massive issue for businesses, so what can be done?
E-waste is a global concern, and is quickly becoming a crisis of its own, the researchers state. In fact, more than 53 million metric tons of e-waste was produced in 2019.More
Story image
Pure Storage to offer validation for integrated partner solutions
Pure Validated Designs from Commvault and Vertica deliver blueprints for data protection and analytics on Pure architecture with more to come.More
Link image
Revealed: How to streamline the payroll process
Here are five top tips that can help you regain control of your day, cut down on errors, and take care of employees, the company, and yourself.More