United States-based software corporation Microsoft has removed eight Windows 10 applications from its official app store.
United States-based software corporation Microsoft has removed eight Windows 10 applications from its official app store after cybersecurity firm Symantec identified the presence of surreptitious Monero (XMR) coin mining code. The news was reported by Symantec on Feb. 15.
Stealth crypto mining — also know as cryptojacking – works by installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. According to Symantec, the firm first detected malicious XMR mining code within eight apps — issued by three developers — on Jan. 17.
After Symantec alerted Microsoft, the corporation is reported to have removed all eight products — although an exact date for their delisting is not provided.
The applications — which were marketed as part of the top free app listings on the Microsoft Store — reportedly included “a computer and battery optimization tutorial, internet search, web browsers, and video viewing and download,” and were issued by developers “DigiDream, 1clean and Findoo.” Upon closer investigation, Symantec has proposed that all eight apps have in fact likely been developed by the same person or group, rather than by three distinct entities.
All the detected samples reportedly run on Windows 10, including Windows 10 S Mode, and were variously published between April and December 2018. They reportedly work by triggering Google Tag Manager in their domain servers to fetch a coin-mining JavaScript library. Once the mining script is activated, the target’s computer CPU cycle is hijacked to mine XMR for the app developers.
Symantec representatives told technology news website ZDNet that this is the first time cryptojacking cases have been found on the Microsoft store. The apps’ stealth success reportedly stems from the fact they run independently from the browser in a standalone (WWAHost.exe process) window. Moreover, they have “no throttling which means [they can use] up 100% of user’s CPU time.”
As Synmantec notes, while the suspect apps all provided privacy policies, they unanimously omitted any mention of cryptocurrency mining. The firm’s analysis identified the strain of mining malware enclosed in the apps as being the web browser-based Coinhive XMR mining code.
Symantec says it has not been able to determine precise download or installation statistics, but observes that the apps received almost 1,900 ratings — whether or not these accurately reflect real users, or fraudulent bots, is difficult to ascertain.
Aside from Microsoft’s action to delist the apps, the mining JavaScript has also reportedly been removed from Google Tag Manager, following Symantec’s alert.
As reported, recent research from cyber security research firm Kaspersky Lab has revealed that cryptojacking overtook ransomware as the biggest cybersecurity threat — particularly in the Middle East, Turkey and Africa.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.