Microsoft booted eight malicious apps from its official desktop and mobile app store after researchers found the programs surreptitiously mined for Monero cryptocurrency.
Researchers who discovered the apps said that an unspecified, but significant number, of users may have downloaded the rogue apps from the official Microsoft Store. The eight apps are; Fast-search Lite, Battery Optimizer (Tutorials), VPN Browser+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019 and Findoo Mobile and Desktop Search.
“In total, we discovered eight apps from these developers that shared the same risky behavior,” according to Yuanjing Guo and Tommy Dong, with Symantec in a Friday post. “After further investigation, we believe that all these apps were likely developed by the same person or group.”
Researchers said they discovered the apps on Jan. 17. Soon after, Microsoft was notified and it removed the apps from Microsoft Store. The apps were published between April and December 2018, with most of them published toward the end of the year.
Interestingly, researchers said the apps use shared domain name servers, and are likely published by the same developers using different names. The apps came from three developers: DigiDream, 1clean, and Findoo.
“Although we can’t get exact download or installation counts, we can see that there were almost 1,900 ratings posted for these apps. However, app ratings can be fraudulently inflated, so it is difficult to know how many users really downloaded these apps,” researchers said.
Cryptomining malware has turned into a top threat, according to a 2018 report– with attacks jumping higher than ransomware instances in the first quarter of 2018. In 2018, websites from the Make-A-Wish Foundation to the Los Angeles Times were discovered harboring cryptojacking code.
While the popularity of cryptojacking may not be a shock to the security industry, malicious cryptominers are increasingly using new sophisticated techniques. A March 2018 report by Kaspersky Lab highlighted how one cryptomining gang, tracked over six months, raked in $7 million with the help of 10,000 computers infected with mining malware.
Interested in learning more about mobile enterprise security threats and best practices? Don’t miss our free Threatpost webinar on Feb. 27 at 2 p.m. ET. Join Threatpost senior editor Tara Seals and a panel of mobile security experts, including Patrick Hevesi of Gartner; Mike Burr of Google Android; and David Richardson from Lookout. They’ll discuss the top evolving threats and risks that are unique to this work-from-anywhere environment; best practices for addressing them; and new challenges on the horizon, such as 5G services.