Η company security Symantec discovered a total of eight different infected applications that had a lot of traffic in the Microsoft Store, the online store for Windows.
According to a Symantec research, eight applications published in the Microsoft Store from April to December 2018 were designed to do mining in Monero cryptocurrencies. Worst of all, these applications received around 2.000 reviews, which means that a significant number of devices have been infected.
Although Symantec points out that app ratings can be inflated and appear crowded without actually being, and so it's difficult to really know how many users have downloaded these apps. Infected applications are programs tourς, συσκευές αναπαραγωγής πολυμέσων, συσκευές λήψης, tutorials βελτιστοποίησης μπαταρίας, βοηθήματα κατεβάσματος video from Youtube and apparently developed by the same person or team.
Once installed and launched on victims' computers, they download a JavaScript library for coin mining Monero. Users are not informed that their computers are being used for mining, even though their devices are significantly degrading their performance due to high CPU usage in the background.
Symantec says it has already notified Microsoft of the malware and that it has all been removed from the Microsoft Store. However, if you already have one of these applications installed, you should uninstall it as soon as possible. The eight infected illegal mining applications found in the Store are:
- Fast-search Lite
- Battery Optimizer (Tutorials)
- VPN Browser+
- Downloader for YouTube Videos
- Clean Master + (Tutorials)
- FastTube
- Findoo Browser 2019
- Findoo Mobile & Desktop Search