Amid Massive CoinHive Cryptojacking on Microsoft Platform, Company Removes Eight Free Apps
Most media stories about cryptojacking and hacking trace back to a vulnerability in a crypto exchange or simply to highly advanced hackers. However, according to a new report by Symantec, Microsoft has been the victim of surreptitious Monero mining code present in multiple applications.
As such, Microsoft has since removed eight Windows 10 applications that were formerly found on the Microsoft Store.
Cryptojacking involves installing malware on a device to divert the processing power of the computer or similar device to crypto mining. This is all done without the victim knowing that any mining is taking place. In the report from Symantec, the XMR mining code was detected in eight applications, which were issued by three separate developers, in January.
Once alerted, Microsoft acted quickly to remove the products, though no date was given for when the delisting took place.
According to the report, the applications included “a computer and battery optimization tutorial, internet search, web browsers, and video viewing and download.” The applications were issued by developers “DigiDream, 1clean and Findoo.”
When Symantec investigated the issue further, the evidence appeared to link all of the apps to the same developer, or at least a single group.
Representatives of Symantec spoke with the ZDNet tech news website about this situation, saying that there has never been evidence of cryptojacking detected in the Microsoft Store. The success of these hackers seems to come from the fact that they use a standalone window that runs separately from the browser.
The report indicated that they also have “no throttling which means [they can use] up [to] 100% of user’s CPU time.”
Though privacy policies are included in all of the apps, they include no details about crypto mining. The strain of mining malware found is the Coinhive XMR mining code. No details have been released about the download or installation statistics, but the 1,900 ratings could give some indication as to how far these downloads spread before they were discovered.
Cryptojacking recently became more threatening than ransomware as a cybersecurity risk in the Middle East, Turkey, and Africa. This finding comes from research performed by Kaspersky Lab, a cybersecurity research firm.