Symantec Found 8 Cryptojacking Apps on the Microsoft Store That Mine Monero [XMR] Without Users’ Knowledge


On Friday 15th February 2019, the cybersecurity firm Symantec published a blog post detailing the discovery of “several potentially unwanted applications (PUAs) on the Microsoft Store that surreptitiously use the victim’s CPU power to mine cryptocurrency.” The security firm made these discoveries on January 17th and promptly reported them to Microsoft. Microsoft did not respond to the firm directly; however, it did delist the applications from its store immediately. All of the apps discovered included JavaScript code that mined the privacy-focused cryptocurrency Monero (XMR) without users’ knowledge or permission.

The apps identified by Symantec included “those for computer and battery optimization tutorial, internet search, web browsers, and video viewing and download.” In total, 8 applications were reported to be carrying the cryptojacking script, and three developers were associated with them: DigiDream, 1clean, and Findoo. However, after further analysis, Symantec believes “that all these apps were likely developed by the same person or group.”


The apps, which were available through the Windows Store on the Windows 8, 8.1 and 10 operating systems, were easily searchable before Microsoft took them down. According to the details provided by Symantec, the apps operate in the following manner:

“As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers. The mining script then gets activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators. Although these apps appear to provide privacy policies, there is no mention of coin mining on their descriptions on the app store.”

Symantec notes that all these apps were published between April and December 2018, with a majority of them published towards the end of the year. Despite their relatively short lives on the Windows Store, Symantec believes that they may have been downloaded several times, owing to the thousands of reviews that they all had before they were taken down. The security firm could not find exact figures on the number of downloads each app garnered, but in aggregate they collected about 1,900 reviews. This number, however, should be treated cautiously, as the figures could easily be inflated by nefarious individuals.

