INDEPENDENT NEWS

Several Cryptojacking Apps Found on Microsoft Store

By: Symantec
Published: Mon 18 Feb 2019 01:33 PM
Symantec Threat Intelligence: Several Cryptojacking Apps Found on Microsoft Store
Symantec found eight apps on Microsoft's app store that mine the cryptocurrency Monero without the user's knowledge.
In January, Symantec discovered several potentially unwanted applications (PUAs) on the Microsoft Store that surreptitiously use the victim’s CPU power to mine cryptocurrency. Symantec reporting these apps to Microsoft and they subsequently removed them from their store.
The apps — which included those for computer and battery optimisation tutorial, and video viewing and download — came from three developers: DigiDream, 1clean, and Findoo. In total, we discovered eight apps from these developers that shared the same risky behaviour. After further investigation, it is believed that all these apps were likely developed by the same person or group.
Figure 1. The eight cryptojacking apps found on the Microsoft Store
Users may get introduced to these apps through the top free apps lists on the Microsoft Store or through keyword search. The samples found run on Windows 10, including Windows 10 S Mode.
As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers. The mining script then gets activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators. Although these apps appear to provide privacy policies, there is no mention of coin mining on their descriptions on the app store.
Mitigation
Stay protected from online threats and risks by taking these precautions:
• Keep your software up to date.
• Do not download apps from unfamiliar sites.
• Only install apps from trusted sources.
• Pay close attention to the permissions requested by apps.
• Pay close attention to CPU and memory usage of your computer or device.
• Install a suitable security app, such as Norton or Symantec Endpoint Protection, to protect your device and data.
• Make frequent backups of important data.
To read the full Threat Intelligence Report please go to https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store

Next in Business, Science, and Tech

Business Canterbury Urges Council To Cut Costs, Not Ambition For City
By: Business Canterbury
The Business Canterbury submission addresses concerns over a 'rates hump' and the need for the Council to maintain affordability while managing cost pressures.
Wellington Airport On Track For Net Zero Emissions By 2028
By: Wellington Airport Limited
This progress is a highlight of the airport’s annual Kaitiakitanga report released today, outlining efforts to support the environment, people and communities.
ANZAC Gall Fly Release Promises Natural Solution To Weed Threat
By: Landcare Research
A Kiwi-Australian collaboration with a difference is underway this ANZAC Day week on Bikini Atoll in the Marshall Islands.
Auckland Rat Lovers Unite!
By: NZ Anti-Vivisection Society
On World Day for Animals in Labs, NZAVS is launching a new program to rehome rats bred or used for science with the University of Auckland.
$1.35 Million Grant To Study Lion-like Jumping Spiders
By: University of Canterbury
A University of Canterbury animal behaviour expert is part of a global team launching pioneering research into the predatory behaviour of jumping spiders.
Government Ends War On Farming
By: Federated Farmers
The changes to unworkable and expensive regulations mark the end of the war on farming, says Colin Hurst from Federated Farmers. Federated Farmers strongly believe that winter grazing, stock exclusion and on-farm biodiversity can be better managed through ...
View as: DESKTOP | MOBILE
Scoop Contact About Services Newsagent Login
Connect Submit News Social Media Scoop Network
Ethical Paywall Accredited Orgs. Licensing Terms of Use
© Scoop Media