Symantec discovered eight potentially unwanted applications (PUAs) into the Microsoft Store that were dropping cryptojacking Coinhive miners.
The removed apps are Fast-search Lite, Battery Optimizer (Tutorials), VPN Browsers+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile & Desktop Search.
The malicious Monero (XMR)
“Users may get introduced to these apps through the top free apps lists on the Microsoft Store or through keyword search. The samples we found run on Windows 10, including Windows 10 S Mode.” reads the analysis published by Symantec.
The malicious apps were added to the Microsoft Store between April and December 2018.
Unlike Google Play, Microsoft Store doesn’t share information on the number of downloads installed on numerous devices, but experts pointed out that the apps have a large number of fake ratings, there were almost 1,900 ratings posted for these applications.
Once one of the apps is downloaded and launched, it fetches a
The analysis of the network traffic associated with the apps allowed the researchers to find the hosting server for each app. All the servers have the same origin, the apps were likely published by the same developers under different names.
Symantec provided the following recommendations to mitigate the threat:
- Keep your software up to date.
- Do not download apps from unfamiliar sites.
- Only install apps from trusted sources.
- Pay close attention to the permissions requested by apps.
- Pay close attention to CPU and memory usage of your computer or device.
- Install a suitable security app, such as Norton or Symantec Endpoint Protection, to protect your device and data.
- Make frequent backups of important data.