United States-based software corporation Microsoft has removed eight Windows 10 applications from its official app store after cybersecurity firm Symantec identified the presence of surreptitious Monero (XMR) coin mining code. The news was reported by Symantec on Feb. 15.
Stealth crypto mining, also known as cryptojacking, works by installing malware that uses a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. According to Symantec, the firm first detected malicious XMR mining code within eight apps — issued by three developers — on Jan. 17. After Symantec alerted Microsoft, the corporation is reported to have removed all eight products — although an exact date for their delisting is not provided.
The applications — which were marketed as part of the top free app listings on the Microsoft Store — reportedly included “a computer and battery optimization tutorial, internet search, web browsers, and video viewing and download,” and were issued by developers “DigiDream, 1clean and Findoo.” Upon closer investigation, Symantec has proposed that all eight apps have in fact likely been developed by the same person or group, rather than by three distinct entities.
Symantec representatives told technology news website ZDNet that this is the first time cryptojacking cases have been found on the Microsoft Store. The apps’ stealth success reportedly stems from the fact that they run independently from the browser in a standalone (WWAHost.exe process) window. Moreover, they have “no throttling which means [they can use] up to 100% of user's CPU time.”
As Symantec notes, while the suspect apps all provided privacy policies, none of those policies made any mention of cryptocurrency mining. The firm’s analysis identified the strain of mining malware enclosed in the apps as being the web browser-based Coinhive XMR mining code. Symantec says it has not been able to determine precise download or installation statistics, but observes that the apps received almost 1,900 ratings. Whether these ratings reflect real users or fraudulent bots is difficult to ascertain.