Microsoft Store Boots out Eight Apps Running Coinhive Monero Mining Scripts

Cybersecurity firm Symantec Corporation has issued a warning after spotting clandestine crypto mining activity on a number of Windows 10 applications hosted on the Microsoft Store. Following Symantec’s alert, these apps have been booted from the digital distribution platform. Is cryptojacking still popular among cybercriminals?

Watch Out Microsoft Windows 10 Users

Last week, Microsoft removed eight applications hosted on its Microsoft Store after learning that they were illicitly mining cryptocurrencies. Symantec notified Microsoft after discovering these applications running malicious Coinhive scripts, JavaScript code that predominantly mines the Monero cryptocurrency.

According to Symantec’s investigation, all eight apps were developed to target users of the Windows 10 operating system.  

These malicious applications were hosted between April and December last year under three separate pseudonyms: DigiDream, 1clean and Findoo. However, Symantec’s closer look at the modus operandi of the apps suggests they’re the work of the same person or group.

The crypto mining apps, designed to leech victims’ CPU power for profit, were spread across multiple categories to ensure that the cryptojacking attack was pervasive. Symantec’s alert did not shed light on the exact magnitude of the cryptojacking assault.

The apps are called Fast-search Lite, Clean Master+ (Tutorials), Findoo Mobile and Desktop Search, FastTube, Downloader for YouTube videos, VPN Browser+, Findoo Browser 2019 and Battery Optimizer (Tutorials).

Meanwhile, Symantec analysts stated that all eight applications come with privacy policies, but none of them mentions crypto mining.

In a blog post, Symantec’s cyber security analysts highlight that these potentially unwanted applications (PUAs) use Google’s tag management system to deliver the Coinhive scripts.  

Explaining the process, the cybersecurity researchers stated: “As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers. The mining script then gets activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators.”  
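A defender's view of the delivery chain described above, as an added example that is not from Symantec or the original article: because the miner is pulled in at runtime through GTM, it is not present in the app package, so this check correlates a GTM container load with a later miner-library fetch in proxy logs. The log format, host names, container IDs and the 30-second window are constructed assumptions, and the indicator list is not exhaustive.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed proxy-log sample: (epoch seconds, client, requested URL).
SAMPLE_LOG = [
    (1000, "pc-01", "https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE1"),
    (1003, "pc-01", "https://static.example.invalid/lib/coinhive.min.js"),
    (1010, "pc-02", "https://www.googletagmanager.com/gtm.js?id=GTM-EXAMPLE2"),
    (1012, "pc-02", "https://cdn.example.invalid/analytics.js"),
    (5000, "pc-03", "https://coinhive.com/lib/coinhive.min.js"),
]

# Coinhive-related indicators (assumed list, not exhaustive).
MINER_HOSTS = {"coinhive.com", "coin-hive.com", "authedmine.com"}
MINER_PATH = re.compile(r"coinhive(\.min)?\.js$", re.I)

def gtm_container(url):
    """Return the GTM container id if the URL is a GTM loader request."""
    u = urlparse(url)
    if u.hostname == "www.googletagmanager.com" and u.path == "/gtm.js":
        return parse_qs(u.query).get("id", [None])[0]
    return None

def is_miner(url):
    """True if the URL points at a known miner host or library file name."""
    u = urlparse(url)
    host = (u.hostname or "").lower()
    on_miner_host = any(host == h or host.endswith("." + h) for h in MINER_HOSTS)
    return on_miner_host or bool(MINER_PATH.search(u.path))

def find_gtm_delivered_miners(events, window_s=30):
    """Flag miner fetches; record the GTM container loaded just before, if any."""
    last_gtm = {}  # client -> (timestamp, container id)
    hits = []
    for ts, client, url in sorted(events):
        cid = gtm_container(url)
        if cid:
            last_gtm[client] = (ts, cid)
        elif is_miner(url):
            seen = last_gtm.get(client)
            via = seen[1] if seen and ts - seen[0] <= window_s else None
            hits.append((client, via, url))
    return hits

if __name__ == "__main__":
    for client, via, url in find_gtm_delivered_miners(SAMPLE_LOG):
        print(f"{client}: miner fetch {url} (GTM container: {via})")
```

A hit with a container ID gives responders the tag container to report and block; a hit without one is still a miner fetch, just not attributable to GTM within the window.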

‘Cryptojacking’ No Longer a Major Threat?

Most cybercriminals favor mining Monero over other altcoins due to its anonymity feature and the ease of mining it on consumer devices.

Similarly, just days ago Taiwanese cybersecurity firm Trend Micro discovered a new tool that uses Mimikatz (an open-source credential viewer tool) and the remote access tool Radmin to install a malicious crypto mining script that mines Monero.

While cryptojacking may seem prevalent, a report released by Symantec indicated that cybercriminals are slowly losing interest in illicit forms of crypto mining, as cryptocurrency prices have tanked most of this year. Should prices increase again, so may instances of malicious mining code.
