This crackdown on illicit mining apps is a bold step toward keeping client machines free of unwanted software.

On Feb. 15, Symantec, a cybersecurity software and services provider, reported that it had informed Microsoft about eight malicious crypto-mining apps. Microsoft cracked the whip by removing these apps from its Store.

Symantec found eight apps on Microsoft Store that mine Monero without the user’s knowledge.

Symantec described the illicit apps as follows:

“On January 17, we discovered several potentially unwanted applications (PUAs) on the Microsoft Store that surreptitiously use the victim’s CPU power to mine cryptocurrency. We reported these apps to Microsoft and they subsequently removed them from their store.”

The apps covered areas such as computer and battery optimization tutorials, internet search, web browsers, and video viewing and downloading. The three developers behind these apps were DigiDream, 1clean and Findoo.

Symantec confirmed that it discovered eight apps from these developers that displayed the same risk characteristics. Further investigation suggested that all of these apps were most likely developed by the same person or group.

Illicit crypto mining apps shown the door in Microsoft Store

Users would come across these apps through the top free apps list on the Microsoft Store or through a keyword search. The apps generally run on Windows 10, including Windows 10 S Mode.

The modus operandi of the apps was simple: once downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM). The mining script is then activated and begins using the majority of the computer’s CPU power to mine Monero for the operators.

The apps were published mostly between April and December last year. Even though the apps were on the Microsoft Store for a relatively short period, a significant number of users might have downloaded them. Although Symantec confirmed that it could not obtain an exact download count, almost 1,900 ratings had been posted for these apps.

Symantec noted that GTM is a legitimate tool that allows developers to inject JavaScript dynamically into their applications. However, because the injected code is fetched at runtime rather than shipped inside the app package, GTM can be misused to conceal malicious or shady behaviors.
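The two paragraphs above describe the mechanism: a tag manager inserts script tags into a web-based app at runtime, so the mining payload never appears in the package a reviewer inspects. The following is an added example (not code from the article, from Symantec or from the apps in question) of how an app author or auditor can flag runtime-injected scripts whose origin is not on an allowlist; the allowlist entries, the app origin and the sample script list are constructed for the example, and www.googletagmanager.com is assumed to be the loader host a developer would deliberately permit.

```javascript
// Added example: audit script sources in a web-based app and report any
// script injected from an origin that is not explicitly allowed.
// Origins below are constructed for this example.
const APP_ORIGIN = 'https://app.example.invalid';
const ALLOWED_SCRIPT_ORIGINS = new Set([
  APP_ORIGIN,                         // the app's own bundled scripts
  'https://www.googletagmanager.com', // tag manager loader (assumed allowlisted)
]);

// Classify one script src: 'allowed', 'blocked' (external origin not on
// the list, or unparsable) or 'inline' (no src, code injected directly,
// which cannot be vetted by origin at all).
function classifyScriptSource(src, base = APP_ORIGIN + '/') {
  if (!src) return 'inline';
  let origin;
  try {
    origin = new URL(src, base).origin; // resolves relative paths against the app
  } catch (e) {
    return 'blocked';
  }
  return ALLOWED_SCRIPT_ORIGINS.has(origin) ? 'allowed' : 'blocked';
}

// Audit a list of script sources (e.g. collected from document.scripts)
// and return only the entries that should be reported.
function auditScriptSources(srcs) {
  return srcs
    .map((src) => ({ src, verdict: classifyScriptSource(src) }))
    .filter((r) => r.verdict !== 'allowed');
}

// Browser-only: watch the DOM for <script> elements inserted at runtime,
// which is exactly how a tag manager delivers code. This is a detection
// control; enforcement belongs in a Content-Security-Policy script-src
// directive. Returns null outside a browser so the module stays testable.
function installScriptGuard(report = console.warn) {
  if (typeof MutationObserver === 'undefined' || typeof document === 'undefined') return null;
  const observer = new MutationObserver((mutations) => {
    for (const m of mutations) {
      for (const node of m.addedNodes) {
        if (node.nodeName !== 'SCRIPT') continue;
        const src = node.getAttribute('src');
        const verdict = classifyScriptSource(src);
        if (verdict !== 'allowed') report(`script ${verdict}: ${src || '<inline>'}`);
      }
    }
  });
  observer.observe(document.documentElement, { childList: true, subtree: true });
  return observer;
}

// Constructed sample: a loader, a bundled script, an unknown third-party
// script of the kind a container could inject, and an inline script.
const SAMPLE_SCRIPTS = [
  'https://www.googletagmanager.com/gtm.js?id=GTM-PLACEHOLDER',
  '/static/app.js',
  'https://miner.example.invalid/lib.js',
  '',
];
```

Running auditScriptSources(SAMPLE_SCRIPTS) reports the third-party script as blocked and the inline entry for manual review, while the loader and the app's own bundle pass.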

Symantec also published mitigation steps to thwart such issues. These include keeping your software up to date, not downloading applications from untrusted sites, paying close attention to the permissions an app requests, installing reputable security software, and backing up your important data.