Attackers place crypto-jacking apps in Microsoft App Store

In January, security researchers from Symantec found crypto-mining applications in the Microsoft App Store, but they were published in the store between April and December 2018.

It’s not clear how many users downloaded or installed the apps, but they had almost 1,900 user ratings.

The rogue applications posed as browsers, search engines, YouTube video downloaders, VPN and computer optimisation tutorials and were uploaded by three developer accounts called DigiDream, 1clean and Findoo.

However, the Symantec researchers believe the apps were created by a single person or the same group of attackers since they all share the same origin domain on the backend.

“As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers,” the Symantec researchers said in a report on Friday.

“The mining script then gets activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators. Although these apps appear to provide privacy policies, there is no mention of coin mining on their descriptions on the app store.”

The programs were published as Progressive Web Applications (PWA), a type of app that works as a web page but also has access to the computer hardware through APIs, can send push notifications, use offline storage and behave a lot like a native program.

AddSearch Reports


leave a comment

Create Account

Log In Your Account