Symantec Discovers Multiple Cryptojacking Apps on Microsoft Windows Store
Last updated June 10, 2021
Eight apps that were mining cryptocurrency on Windows 10 systems without user consent were removed from the Microsoft Store. Symantec caught the apps' mining operations in January 2019.
All of the apps used a similar method of mining cryptocurrency. The apps took advantage of the Google Tag Manager (GTM) library, which was embedded into the source code. Upon installation, the library installed malicious payloads to mine Monero using a pirated version of Coinhive. Hackers have secretly added Coinhive to a number of apps in the past to mine cryptocurrency without user consent, and Microsoft Windows 10 users fell victim to the method as well.
According to Symantec experts, "These apps fall under the category of Progressive Web Applications, which are installed as a Windows 10 app running independently from the browser, in a standalone (WWAHost.exe process) window."
Users who installed the offending apps from the Microsoft Store noticed increased CPU usage caused by the mining process running in the background. None of the app developers implemented throttling to hide the mining activity, which means that user CPUs were being pushed to their limits.
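As an added example (not from Symantec's report or the original article), the following PowerShell script samples every WWAHost.exe process and reports those whose CPU use stays high in every measurement window, which is the symptom described above. The threshold, window count and interval are assumed values.

```powershell
# Added example: report WWAHost.exe (PWA host) processes with sustained high CPU.
# Assumed values, tune for your environment:
$Samples          = 6    # number of measurement windows
$IntervalSeconds  = 10   # length of each window
$ThresholdPercent = 70   # share of total CPU capacity (all logical cores)

$cores = [Environment]::ProcessorCount
$prev  = @{}   # process id -> cumulative CPU seconds at the previous sample
$hits  = @{}   # process id -> windows in which the threshold was exceeded

for ($i = 0; $i -le $Samples; $i++) {
    foreach ($p in Get-Process -Name WWAHost -ErrorAction SilentlyContinue) {
        $cpu = $p.CPU                      # total processor time in seconds
        if ($null -eq $cpu) { continue }   # process not readable, skip it
        if ($prev.ContainsKey($p.Id)) {
            # CPU seconds used in this window, as a percentage of all cores
            $pct = 100 * ($cpu - $prev[$p.Id]) / ($IntervalSeconds * $cores)
            if ($pct -ge $ThresholdPercent) { $hits[$p.Id] = 1 + [int]$hits[$p.Id] }
        }
        $prev[$p.Id] = $cpu
    }
    if ($i -lt $Samples) { Start-Sleep -Seconds $IntervalSeconds }
}

# Keep only processes that were above the threshold in every window.
foreach ($id in @($hits.Keys)) {
    if ($hits[$id] -lt $Samples) { continue }
    $p = Get-Process -Id $id -ErrorAction SilentlyContinue
    if ($p) {
        [pscustomobject]@{
            ProcessId   = $id
            WindowTitle = $p.MainWindowTitle
            StartTime   = $p.StartTime
            HotWindows  = $hits[$id]
        }
    }
}
```

The window title in the output identifies which installed app is hosted by the flagged process, so it can be reviewed and uninstalled if it has no reason to keep the CPU busy.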
Because the Microsoft Store does not list download figures, it is unknown how many users have been affected by the mining operations. Even though there are thousands of reviews on the apps, the numbers cannot be trusted, as many malicious apps take advantage of fake review services. Cryptojacking apps have been very popular in recent years due to the spike in interest in cryptocurrency globally. iOS and macOS users have also faced similar problems in the past, with app developers installing miners for their own profit.