The apps identified by Symantec included “those for computer and battery optimization tutorial, internet search, web browsers, and video viewing and download.” In total, 8 applications were reported to be carrying the cryptojacking script, and three developers were associated with them: DigiDream, 1clean, and Findoo. However, after further analysis, Symantec believes “that all these apps were likely developed by the same person or group.”
The apps, which were accessible through the Windows Store on the Windows 8, 8.1 and 10 operating systems, were easily searchable before they were taken down by Microsoft. According to the details provided by Symantec, the apps operate in the following manner:
Symantec notes that all these apps were published between April and December 2018, with a majority of them being published towards the end of the year. Despite their relatively short lives on the Windows Store, Symantec believes that they may have been downloaded many times, owing to the thousands of reviews that they all had before they were taken down. The security firm could not find exact figures on the number of downloads that each app garnered, but in aggregate they collected about 1,900 reviews. This number, however, should be treated cautiously, as the figures could easily be inflated by nefarious individuals.