No More Crypto Jacking Apps on Microsoft Online Store

Kathleen Jordan
By Kathleen Jordan
Posted on Feb. 15, 2019
No More Crypto Jacking Apps on Microsoft Online Store

The Microsoft disinfected its online store after cleaning the platform by 8 applications. These were the malicious apps that triggered fraudulant crypto jacking.


The team at Symantic notified the firm of the existence of the free apps that were using user’s CPU power to mine Monero (XMR). Symantic notified Microsoft of the malicious apps on the 17th of January. Symantic summed up how the apps managed to access machines to mine Monero.


As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers.

The mining script then gets activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators. Although these apps appear to provide privacy policies, there is no mention of coin mining on their descriptions on the app store.

The removal of the apps was confirmed via a blog post earlier today that stated the following:

On January 17, [Symantic] discovered several potentially unwanted applications (PUAs) on the Microsoft Store that surreptitiously use the victim’s CPU power to mine cryptocurrency. We reported these apps to Microsoft and they subsequently removed them from their store.

The blog post went on to explain that the apps included those for computer and battery optimization tutorial, internet search, web browsers, and video viewing and download. All the 8 apps came from three developers: DigiDream, 1clean, and Findoo. Symantic went on to postulate that the three developers are probably linked to the same person/group. The apps were published between April and December 2018.


The eight apps included:


  1. Fast-search Lite
  2. Batter Optimizer (Tutorials)
  3. VPN Browser+
  4. Downloader for YouTube Videos
  5. Clean Master+ (Tutorials)
  6. FastTube
  7. Findoo Browser
  8. Findoo Mobile and Desktop Search


Even a short span of life at play store, or online store an application can contract many users. Few of the above apps supposedly got around 1900 ratings, making them a trusted download.


Top Gainer

HST
DECISION TOKEN
+361.82%
$0.14

Top Loser

KICK
KICKCOIN
-93.99%
$0.094
VIDEOS
loader gif
More