Eight Cases of Cryptojacking Revealed in Microsoft Store

Last Modified: 12 May 2020 17:35:04

Symantec has announced that it has found a number of Potentially Unwanted Applications (PUAs) in the Microsoft Store. A PUA is software that is installed on a system in the background without asking the user's permission, and it can affect the user's security, which is why antivirus products continuously fight such software. PUAs may display intrusive advertisements or use the system's resources for the developers' own purposes. Software that uses the user's system resources to mine cryptocurrency is called a cryptojacker or cryptominer. The rise in cryptocurrency prices has prompted many cyber criminals to develop and distribute such malicious software, and different variants of it have appeared in recent years. According to Symantec, it discovered these eight malicious programs on January 17 and informed Microsoft, which removed them after receiving the report.

The eight malicious programs are Fast-search Lite, Battery Optimizer (Tutorial), VPN Browser+, Downloader for YouTube Videos, Clean Master+ (Tutorial), FastTube, Findoo Browser 2019, and Findo Mobile and Desktop Search. According to Symantec's report, all eight mined Monero without the users' knowledge. Symantec's further investigation showed that all of these cryptojackers were built and distributed by the same person or group, even though they were published under three developer names: Findoo, 1clean, and DigiDream.

All eight use the same method: immediately after installation on the victim's system they launch Google Tag Manager (GTM), use it to download the malicious code, and carry out the attack. Examining the programs' traffic shows that all eight connect to the same fixed address to receive the Monero mining code. That address serves an encrypted (obfuscated) JavaScript file which is, in fact, a version of Coinhive, a Monero miner that has been developed since 2017. The code uses all of the system's available resources for mining. The use of Coinhive to mine Monero has been reported in earlier cryptojacking cases as well. Furthermore, the descriptions of the eight programs claim that they respect the user's privacy, but they disclose nothing about Monero mining to the user.
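As an added example that is not part of the original article or of Symantec's report, the following Python heuristic flags the chain described above in a constructed per-process event log: a process loads a Google Tag Manager container, then fetches a script from another host, and afterwards runs at sustained high CPU, the symptom the precautions below tell users to watch for. The log format, the process names, the `example-cdn.invalid` host, the `GTM-XXXX` ids and the CPU thresholds are all assumptions.

```python
# Added example (not the article's or Symantec's code); log and thresholds are constructed.
from collections import defaultdict

GTM_HOST = "www.googletagmanager.com"   # real Google Tag Manager host
CPU_THRESHOLD = 80   # percent; assumed level at which a process counts as busy
MIN_SUSTAINED = 3    # consecutive busy samples required before flagging

# Constructed log, one event per line: "<seconds> <process> <kind> <detail>", where
# kind "net" carries the host/path requested and "cpu" the sampled CPU percent.
SAMPLE_LOG = """\
0 app1 net www.googletagmanager.com/gtm.js?id=GTM-XXXX
2 app1 net example-cdn.invalid/ad.js
3 app1 cpu 4
5 app1 cpu 96
10 app1 cpu 97
15 app1 cpu 98
0 app2 net www.googletagmanager.com/gtm.js?id=GTM-YYYY
1 app2 net example-cdn.invalid/tracker.js
4 app2 cpu 3
0 editor cpu 97
"""

def parse_log(log):
    # Group events per process and sort them by time: {proc: [(t, kind, detail)]}.
    events = defaultdict(list)
    for line in log.splitlines():
        t, proc, kind, detail = line.split(maxsplit=3)
        events[proc].append((float(t), kind, detail))
    return {proc: sorted(ev) for proc, ev in events.items()}

def flag_cryptojacking(log):
    """Return {process: script_url} for processes showing the whole chain."""
    flagged = {}
    for proc, ev in parse_log(log).items():
        # Step 1: the process loads a Google Tag Manager container.
        gtm_t = next((t for t, k, d in ev if k == "net" and d.startswith(GTM_HOST + "/")), None)
        if gtm_t is None:
            continue
        # Step 2: afterwards it fetches a .js payload from some other host.
        script = next((d for t, k, d in ev if k == "net" and t > gtm_t
                       and not d.startswith(GTM_HOST) and d.split("?", 1)[0].endswith(".js")), None)
        if script is None:
            continue
        # Step 3: CPU use then stays high for MIN_SUSTAINED consecutive samples.
        run = 0
        for pct in (float(d) for t, k, d in ev if k == "cpu" and t > gtm_t):
            run = run + 1 if pct >= CPU_THRESHOLD else 0
            if run >= MIN_SUSTAINED:
                flagged[proc] = script
                break
    return flagged
```

Only `app1` is reported: `app2` loads a script but never gets busy, and `editor` is busy without the loader chain.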

The programs were published between April and December 2018. Although they were in the Microsoft Store for only a short time, a significant number of them were downloaded and installed; the exact number of affected users cannot be estimated, however, because of fake reviews.

Security companies recommend the following precautions to protect users against cryptojacking:

• Keep the software you use up to date.

• Don't download software from unknown sites.

• Install applications only from trusted sources.

• Pay attention to the permissions an application requests.

• Watch the system's CPU and memory usage.

• Install suitable security software on your system.

• Back up your important data regularly.