Microsoft Removed '8 Apps' From Its Store Infected With Monero Mining Malware.

2019-02-16 | Mike Hallen

According to an official report published by cybersecurity firm Symantec, U.S.-based software giant Microsoft has removed eight Windows 10 apps from its official app store after illicit Monero [XMR] coin-mining code was detected in them.

Stealth crypto mining, also known as 'cryptojacking', works by employing malware that uses a computer's processing power to mine cryptocurrencies without its owner's consent. According to Symantec, the firm first detected the malicious Monero [XMR] mining code on 17th Jan, in eight apps issued by 3 developers.

After Symantec reported the apps to Microsoft, the corporation removed all eight, although a delisting date has not yet been provided.

The applications, which were marketed as part of the top free app listings on the Microsoft Store, reportedly included “a computer & battery optimization tutorial, web search, internet browsers, and video viewing and download,” and were issued by developers named “DigiDream, 1clean and Findoo.” Upon further investigation, Symantec has proposed that all 8 apps were in fact probably developed by the same person or group, rather than by 3 distinct entities.

All the detected samples reportedly run on Windows 10, along with Windows 10 S Mode, and were released between April and December last year. They reportedly work by triggering Google Tag Manager in their domain servers to fetch a coin-mining JavaScript library. Once the mining script is activated, the target computer's CPU cycles are hijacked to mine XMR for the app developers.

Symantec representatives stated that this is the first time cryptojacking cases have been found on the Microsoft Store. The apps’ stealth success reportedly stems from the fact that they run separately from the browser in a stand-alone [WWAHost.exe process] window. Additionally, they have “no throttling that simply implies [they can use] up 100% of user’s central processor time.”
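The behaviour described above, a WWAHost.exe process holding the CPU near 100% with no throttling, can be turned into a simple detection rule. The following is an added example, not code from Symantec or Microsoft; the thresholds, package names and telemetry samples are constructed assumptions.

```python
from collections import defaultdict

# Assumed tuning values (not from the article): flag a process that stays at or
# above CPU_THRESHOLD percent of total CPU for MIN_STREAK consecutive samples.
CPU_THRESHOLD = 90.0
MIN_STREAK = 4
HOST_PROCESS = "wwahost.exe"  # stand-alone host process named in the article

# Constructed telemetry, one CPU reading every 30 seconds per process.
# Package names and PIDs are invented placeholders.
SERIES = {
    ("WWAHost.exe", 4120, "ExampleOptimizer_1.0"): [97.5, 99.0, 98.2, 99.4, 98.8],
    ("WWAHost.exe", 5004, "ExampleNotes_2.1"): [3.0, 95.0, 4.1, 2.2, 1.9],
    ("WWAHost.exe", 6200, "ExampleVideo_3.3"): [96.0, 97.0, 98.0, 12.0, 95.0],
    ("chrome.exe", 3310, ""): [99.0, 99.0, 99.0, 99.0, 99.0],
}
SAMPLES = [(i * 30, image, pid, pkg, cpu)
           for (image, pid, pkg), series in SERIES.items()
           for i, cpu in enumerate(series)]


def find_sustained_hogs(samples, threshold=CPU_THRESHOLD, min_streak=MIN_STREAK):
    """Return {pid: (package, longest_streak)} for WWAHost.exe processes whose
    CPU stayed at or above `threshold` for `min_streak` consecutive samples."""
    per_pid = defaultdict(list)
    for ts, image, pid, package, cpu in samples:
        # Only the app host process is of interest; browsers are out of scope
        # because the reported apps ran outside the browser.
        if image.lower() == HOST_PROCESS:
            per_pid[pid].append((ts, package, cpu))

    flagged = {}
    for pid, rows in per_pid.items():
        rows.sort()  # order by timestamp so streaks are consecutive in time
        streak = longest = 0
        for _, _, cpu in rows:
            # A single low reading resets the streak, so short bursts
            # (page load, video decode) do not trigger the rule.
            streak = streak + 1 if cpu >= threshold else 0
            longest = max(longest, streak)
        if longest >= min_streak:
            flagged[pid] = (rows[0][1], longest)
    return flagged


if __name__ == "__main__":
    for pid, (package, streak) in find_sustained_hogs(SAMPLES).items():
        print(f"pid={pid} package={package} sustained_samples={streak}")
```

A flagged process is a lead for review of the owning app package, not proof of mining, since legitimate apps can also be CPU-bound.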

Symantec added that the suspect applications provided privacy policies, but these made no mention of any cryptocurrency mining. The firm’s analysis identified the strain of mining malware included in the apps as the web browser-based 'Coinhive' XMR mining code.

Symantec added that it has not been able to verify actual download or installation statistics, but observes that the apps received over 1,900 ratings. Whether these accurately reflect real users or illicit bots is difficult to know.

Aside from Microsoft’s action to delist the apps, the mining JavaScript has also reportedly been removed from Google Tag Manager, following Symantec’s alert.

As reported earlier, recent analysis from another cybersecurity firm, Kaspersky Lab, stated that cryptojacking overtook ransomware as the biggest cybersecurity threat, notably in the Middle East, Turkey and Africa.
