On Friday (February 15th), cybersecurity firm Symantec Corporation reported that it had found eight Windows apps on the Microsoft Store that mine the privacy-focused cryptocurrency Monero (XMR) without users' knowledge or permission.

On January 17th, Symantec reported to Microsoft “several potentially unwanted applications (PUAs)” that it had found on the Microsoft Store; it says Microsoft later removed them. The eight apps came from three developers—DigiDream, 1clean, and Findoo—but Symantec’s investigation has led it to believe that “all these apps were likely developed by the same person or group.”


Symantec’s blog post explains how these apps work:

“As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers. The mining script then gets activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators. Although these apps appear to provide privacy policies, there is no mention of coin mining on their descriptions on the app store.”

The “JavaScript library” Symantec is referring to is “a version of the Coinhive library.” Coinhive is a company that “offers a JavaScript miner for the Monero Blockchain” that can easily be embedded on websites. Although some websites inform their users that they are using Coinhive to make money from mining Monero so that they can offer an ad-free experience, according to Symantec, since the Coinhive service became available in September 2017, “there have been many reports of it being used for cryptojacking without site visitors’ knowledge.”

According to research by Russian cybersecurity firm Kaspersky Lab, which was reported by Bloomberg on 14 December 2018, “hijacking computers to illegally mine cryptocurrencies has overtaken ransomware as the biggest cyber threat in the Middle East, Turkey and Africa.”

All Images Courtesy of Symantec Corporation.