SecurityWeek | February 15, 2019
Eight applications designed to mine for crypto-currency without users’ knowledge made their way into the Microsoft Store, Symantec has discovered.

The apps surreptitiously use the victim’s CPU power to mine for Monero and landed in the application marketplace as computer and battery optimization tutorial, internet search, web browsers, and video viewing and download programs. They target both Windows 10 and Windows 10 S.

Although they were published in the Microsoft Store under three different developer accounts, namely DigiDream, 1clean, and Findoo, the programs were likely built by the same person or group, Symantec says.

After being downloaded and executed, the apps would fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers. The script starts using the majority of the computer’s CPU cycles to mine Monero for the perpetrators.

The offending applications were published in the application store between April and December 2018, most toward the end of the year. Despite being available for a relatively short period of time, however, the apps appear to have been downloaded by a significant number of users.

“Although we can’t get exact download or installation counts, we can see that there were almost 1,900 ratings posted for these apps. However, app ratings can be fraudulently inflated, so it is difficult to know how many users really downloaded these apps,” Symantec notes.

When launched, the apps silently visit a domain in the background and trigger GTM, a legitimate tool for developers to inject JavaScript dynamically into their applications.