Microsoft has booted eight malicious apps from its official Microsoft Store that had been secretly mining monero (XMR) on unsuspecting users' computers. Researchers from Symantec discovered the eight malicious apps and informed Microsoft, which took the necessary steps.
Apps Worked in a Similar Fashion
According to the official report from the researchers, an unknown number of users could have downloaded malicious apps via the official Microsoft Store. The Symantec report explains that all the apps were designed to work in a similar fashion.
The apps were designed to load a Google-based tag-management library from within their code, which they then used to download and execute the malicious payload. The offending apps were named Fast-search Lite, Battery Optimizer (Tutorials), VPN Browser+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019 and Findoo Mobile and Desktop Search.
Symantec’s Yuanjing Guo and Tommy Dong explained:
“In total, we discovered eight apps from these developers that shared the same risky behavior […] after further investigation, we believe that all these apps were likely developed by the same person or group.”
Activated via Google Tag Manager (GTM)
The research team told ZDNet that they discovered the offending apps on January 17, 2019, and went on to inform Microsoft, which has since removed them from the Microsoft Store. The researchers believe the apps were created between April and December 2018, though most were probably published towards the end of the year.
Once activated, the mining script, made by Coinhive, consumes a considerable share of the user's CPU cycles to mine the privacy-centric cryptocurrency monero.
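As an added illustration of the chain the article describes (tag-management library loaded first, then the Coinhive mining script), here is a small detector, not code from Symantec or the article, that correlates per-process network requests from a constructed sample log and flags processes that fetch a known miner domain, noting whether Google Tag Manager was loaded first. The log format, process names and tag ids are assumptions.

```python
import re

# Constructed sample log (not data from the Symantec report): one network
# request per line, as a host-based monitor might record it per process.
SAMPLE_LOG = """\
2019-01-17T10:00:01 proc=AppA.exe url=https://www.googletagmanager.com/gtm.js?id=GTM-PLACEHOLDER
2019-01-17T10:00:02 proc=AppA.exe url=https://coinhive.com/lib/coinhive.min.js
2019-01-17T10:00:05 proc=AppA.exe url=wss://ws001.coinhive.com/proxy
2019-01-17T10:01:00 proc=AppB.exe url=https://www.googletagmanager.com/gtm.js?id=GTM-OTHER
2019-01-17T10:01:01 proc=AppB.exe url=https://example.com/analytics.js
2019-01-17T10:02:00 proc=AppC.exe url=https://coinhive.com/lib/coinhive.min.js
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) proc=(?P<proc>\S+) url=(?P<url>\S+)$")
HOST_RE = re.compile(r"^[a-z]+://([^/:?#]+)")
GTM_HOST = "www.googletagmanager.com"
# Domain of the in-browser miner named in the article; extend with your own list.
MINER_DOMAINS = ("coinhive.com",)

def host_of(url):
    """Hostname of a URL for any scheme (http, https, ws, wss)."""
    m = HOST_RE.match(url)
    return m.group(1).lower() if m else ""

def is_miner_host(host):
    return any(host == d or host.endswith("." + d) for d in MINER_DOMAINS)

def find_cryptojacking(log_text):
    """Map each process that fetched a miner resource to its miner URLs and
    to whether it loaded Google Tag Manager first (the chain in the article)."""
    gtm_seen = set()
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines in an unexpected format
        proc, url = m["proc"], m["url"]
        host = host_of(url)
        if host == GTM_HOST:
            gtm_seen.add(proc)
        elif is_miner_host(host):
            entry = findings.setdefault(proc, {"gtm_first": proc in gtm_seen, "miner_urls": []})
            entry["miner_urls"].append(url)
    return findings

if __name__ == "__main__":
    for proc, info in find_cryptojacking(SAMPLE_LOG).items():
        print(proc, "GTM-first" if info["gtm_first"] else "direct", info["miner_urls"])
```

AppB loads Tag Manager but only benign scripts and is not flagged, while AppC is flagged even without a preceding GTM load, so the miner domain match, not the GTM load, is the alert condition.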
The research team believes the apps, which use the same domain servers, were most likely developed by the same people under different names such as DigiDream, 1clean and Findoo. Symantec said that, apart from Microsoft, it also contacted Google, which has also removed the associated Google Tag Manager content.
Cryptojacking malware targeting monero was a leading threat in the crypto space in 2018, and has even hit the Make-A-Wish Foundation charity and The Los Angeles Times, among others. Kaspersky Lab recently described how one crypto-mining campaign stole over $7 million in six months by infecting computers with mining malware.