Cryptocurrency mining is an activity that consists of making use of computing/processing power to solve complicated algorithms and, as a reward, the “miner” gets a number of tokens of a determinate digital asset. Not all cryptocurrencies can be mined, but some of them can, such as Bitcoin (BTC) and Monero, just to name a couple of examples.

However, crypto mining can be nightmarish for people that have their devices compromised by mining malware that has been installed without consent or approval. The activity can be detrimental to the computer’s or smartphone’s performance, turning it slow and unresponsive.

Installing crypto mining malware has been one of the most recent forms of making a profit off innocent people’s devices and computers. And more often than not, people do not find out about the issue.

A Version of Coinhive

As it turns out, the Microsoft app store, had up to eight apps that were able to mine cryptocurrency illegally, according to a Symantec report published via a blog post this week. The eight apps allegedly had a version of Coinhive, which is a script used by hackers to mine Monero. The discovery was made by Symantec on January.

In the publication of the report’s results, Symantec informed that they let Microsoft know about the issue, and the online tech giant immediately shut down the problematic apps. They used to run on Windows 10, including the Windows 10 S Mode, which only allows users to download apps via the Microsoft Store.

The apps in question are Fast-search Lite, Battery Optimizer (Tutorials,) VPN Browser +, Downloader for Youtube Videos, Clean Master + (Tutorials,) FastTube, Findoo Browser 2019, and Findoo Mobile & Desktop Search.

The report states that the eight apps were made by a total of three developers. Most of them are related to battery optimization guides, web browsing, web search, and video streaming and download.

 “In total, we discovered eight apps from these developers that shared the same risky behavior. After further investigation, we believe that all these apps were likely developed by the same person or group,” Symantec explained in the post.

Symantec is a software firm based in the United States, most precisely in the State of California. It is of paramount importance to highly that the production of cybersecurity software and related services is its bread and butter.

The Modus Operandi

Once the user downloads the infected apps, they fetch the Monero’s mining JavaScript library thanks to the activation of the Google Tag Manager in their inactive servers. The script is enabled, and it harnesses most of the device’s CPU cycles with the intention mining the digital asset.

 “Although these apps appear to provide privacy policies, there is no mention of coin mining on their descriptions on the app store,” according to Symantec. Sadly, and despite the apps being available for a relatively short period (from April to December 2018,) numerous people were affected by the issue.

Monero is cybercriminals’ favorite cryptocurrency, so much that they have accounted for almost 5 percent of the total supply in circulation. “Overall, we estimate there are at least 2,218 active campaigns that have accumulated about 720,000 XMR ($57 million),” Symantec wrote.

By Andres Chavez


Please enter your comment!
Please enter your name here