Microsoft Kicks Out 8 Crypto Jacking Apps from Its Store.

Software and hardware giant, Microsoft, has booted out 8 malicious crypto jacking apps from its official mobile and desktop app store.

This move was made after a cybersecurity team from Symantec discovered the free apps were sneakily mining for Monero Cryptocurrency (XMR) and made the announcement in a blog post.  

They noted the rogue apps posing as computer and battery optimization apps, web browsers, internet search, and video streaming were, in fact, crypto jacking. This is a general term used when an installed malware uses a phone or computer’s processing power to mine digital currencies without the user’s consent.

The eight malicious apps included VPN Browser +, Clean Master +, Findoo Mobile and Desktop Search, Downloader for YouTube Videos, Fast-search Lite, FastTube, Battery Optimizer (Tutorials), and Findoo Browser 2019.

After a thorough investigation, the team observed the malicious apps were developed by 1Clean, Findoo, and DigiDream. They further postulated the developers were probably the same person using different names. They also observed the apps were published between April and December last year.

Despite the fact that the malicious apps were available for a short period of time—as compared to the others—a significant number of users have downloaded them. This is mostly as a result of the apps listed amongst top free apps on the store and had received over 1,900 ratings.

According to the security team, immediately unsuspecting victims downloaded and launched any of the apps, they automatically fetched a coin-mining JavaScript library. This was done by triggering a Google Tag Manager (GTM) in their domain servers. Once the script is activated, the user’s CPU cycle is hijacked to mine XMR for the app developers.

While GTM is a legitimate tool that typically allows developers to inject JavaScript into an app, it can be abused to hide malicious behaviors. This was the first time a crypto jacking case had found its way to Microsoft’s store.

After Microsoft pulled the apps from its store, Google also reportedly removed the coin-mining JavaScript from GTM.