Symantec, a cybersecurity software and services provider, covered news on Feb. 15 informing Microsoft about eight nefarious apps related to crypto mining. Microsoft cracked the whip by removing these apps from its Store.
Symantec found eight apps on Microsoft Store that mine Monero without the user’s knowledge.
Symantec cited about the illicit apps as –
“On January 17, we discovered several potentially unwanted applications (PUAs) on the Microsoft Store that surreptitiously use the victim’s CPU power to mine cryptocurrency. We reported these apps to Microsoft and they subsequently removed them from their store.”
The apps covered domain areas related to computer and battery optimization tutorial, internet search, web browsers, video viewing, and download. The three developers of these apps were DigiDream, 1clean and Findoo.
— Symantec (@symantec) February 15, 2019
Symantec confirmed that they discovered eight apps from these developers that displayed the same risk characteristics. After more snooping, it was understood that all these apps were most probably developed by the same person or group.
Users would get aware of these apps through the top free apps list on the Microsoft Store or through a keyword search. The apps generally run on Windows 10, including Windows 10 S Mode.
The apps were published mostly between April and December last year. Even though the apps are on Microsoft Store for a relatively short period, a significant number of users might have downloaded them. Although Symantec confirmed that it cannot get the exact download count, there were almost 1,900 ratings posted for these apps.
Symantec graciously put out mitigation steps to thwart such issues. These include keeping your software up-to-date, not downloading applications from untrusted sites, pay utmost attention to the permissions that an app demands, install reputed cyber security applications and making a backup of your important data.