Microsoft has removed eight Windows 10 applications from its official app store after cybersecurity firm Symantec identified the presence of unauthorised Monero (XMR) coin mining code. Cryptojacking is the practice of using a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.
Symantec reported the apps to Microsoft who have removed them from their store.
“We discovered several potentially unwanted applications (PUAs) on the Microsoft Store that surreptitiously use the victim’s CPU power to mine cryptocurrency,” Symantec posted on their blog.
Users could have been introduced to these apps through the top free apps list on the store, or through a keyword search. The samples Symantec found run on Windows 10, including Windows 10 S Mode.
Mining Malware Coinhive
The eight apps were, Battery Optimizer (Tutorials), FastTube, VPN Browsers+, Downloader for YouTube Videos, Fast-search Lite, Clean Master+ (Tutorials), Findoo Browser 2019, and Findoo Mobile & Desktop Search.
While the apps all provided privacy policies, there was no mention of cryptocurrency mining. Symantec’s analysis identified the strain of mining malware enclosed in the apps as being the web browser-based Coinhive XMR mining code.
Evidence uncovered indicated that all of the apps had been developed by the same person or group, despite the different names. They do know that the apps were issued by developers “DigiDream, 1clean and Findoo.
Symantec offered advice on how to protect yourself from online threats. Keep software up to date, never download apps from unfamiliar sites and only install from trusted sources, pay attention to the permissions requested by apps and keep an eye on CPU and memory usage of your computer or device, install a suitable security app and make frequent backups of important data.