Microsoft Store Found to Have 8 Apps Mining Monero Without Users’ Knowledge


TL;DR: Symantec software engineers Yuanjing Guo and Tommy Dong reported finding 8 “potentially unwanted applications (PUAs) on the Microsoft Store that surreptitiously use the victim’s CPU power to mine” Monero (XMR). Billed as the privacy enthusiast’s coin, XMR continues to be a haven for so-called cryptojacking, prompting other coins to up their privacy game.


8 Monero Cryptojacking Apps Found on Microsoft Store

“The apps—which included those for computer and battery optimization tutorial, internet search, web browsers, and video viewing and download—came from three developers: DigiDream, 1clean, and Findoo. In total, we discovered eight apps from these developers that shared the same risky behavior. After further investigation, we believe that all these apps were likely developed by the same person or group,” Symantec engineers detailed.

A quick Whois lookup shows the apps’ servers have the same origin

Free applications are the main source of distribution for so-called cryptojacking apps. All of the examples found in the Microsoft Store run on the popular Windows 10 operating system. Once an app is downloaded, Google Tag Manager (GTM) triggers a Monero mining library, which uses the device's CPU cycles.

There is debate about cryptojacking within the ecosystem. If enthusiasts want privacy, those “free” apps have to come from somewhere, and so it’s considered, in some circles, part of the “price” for the service. “Although these apps appear to provide privacy policies, there is no mention of coin mining on their descriptions on the app store,” Symantec acknowledged.

Coinhive Again

Further complicating matters, “GTM is a legitimate tool that allows developers to inject JavaScript dynamically into their applications. However, GTM can be abused to conceal malicious or risky behaviors, since the link to the JavaScript stored in GTM is https://www.googletagmanager.com/gtm.js?id={GTM ID} which doesn’t indicate the function of the code invoked,” they warn.
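Because the loader URL exposes only a container ID, a defender's first step is to inventory which apps load which GTM containers and queue the unreviewed ones for inspection. The sketch below is an added example, not code from Symantec or this article; the proxy log format, host names, app names, container IDs and allowlist are all constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

GTM_HOST = "www.googletagmanager.com"
GTM_PATH = "/gtm.js"

# Constructed allowlist: container IDs whose tags have already been reviewed.
REVIEWED_CONTAINERS = {"GTM-REVIEW1"}

# Constructed proxy log lines (assumed format: time, client, app, URL).
SAMPLE_LOG = """\
2000-01-01T09:00:01Z pc-01 browser.exe https://www.googletagmanager.com/gtm.js?id=GTM-REVIEW1
2000-01-01T09:00:07Z pc-02 optimizer-app.exe https://www.googletagmanager.com/gtm.js?id=GTM-UNKNWN1
2000-01-01T09:00:09Z pc-03 video-app.exe https://www.googletagmanager.com/gtm.js?id=GTM-UNKNWN1
2000-01-01T09:00:12Z pc-02 optimizer-app.exe https://www.googletagmanager.com.cdn.example/gtm.js?id=GTM-REVIEW1
2000-01-01T09:00:15Z pc-04 browser.exe https://www.googletagmanager.com/gtm.js
"""


def gtm_container_id(url):
    """Return the container ID if url is a GTM loader request, else None."""
    parts = urlsplit(url)
    # Exact host match: a lookalike such as "<gtm host>.cdn.example" is not GTM.
    if parts.scheme not in ("http", "https") or parts.hostname != GTM_HOST:
        return None
    if parts.path != GTM_PATH:
        return None
    ids = parse_qs(parts.query).get("id", [])
    return ids[0] if ids else None


def unreviewed_containers(log_text, reviewed=REVIEWED_CONTAINERS):
    """Map each unreviewed container ID to the (client, app) pairs that loaded it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, app, url = fields
        cid = gtm_container_id(url)
        if cid and cid not in reviewed:
            seen[cid].add((client, app))
    return {cid: sorted(pairs) for cid, pairs in seen.items()}


if __name__ == "__main__":
    for cid, loaders in unreviewed_containers(SAMPLE_LOG).items():
        print(cid, "loaded by", loaders)
```

A container that several unrelated-looking apps share, as in the constructed sample, is worth reviewing first.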


The culprit once again is Coinhive. It’s a mining script for Monero, and it has been around since the fall of 2017. It’s linked to cryptojacking all over the world, from Iran to Japan, parts of Latin America, and even the San Diego Zoo. Whatever XMR’s other virtues, its susceptibility to cryptojacking abuse appears to be one of its downsides, leading to a push by other projects, such as Bitcoin Cash (BCH), to up their privacy game.

Symantec recommends keeping software updated, not downloading from unfamiliar sites, and using trusted sources, along with paying “close attention to the permissions requested by apps” and “to CPU and memory usage of your computer or device” to mitigate such attacks.
