8 Cryptojacking Apps were Detected in the Microsoft App Store

The crypto market might have been dominated by the bears and several crypto mining farms might have shut down, but cryptojacking is one activity that has not been affected by the market conditions. In fact, there were eight different cryptojacking apps that were found on the Microsoft app store.

The eight apps mined cryptocurrency on the host’s device without them knowing in the background. By using most of the CPU cycles to mine Monero, these apps surely caused a lot of damage to the trust of people in crypto. For an unsuspecting eye, there is no way of knowing if a particular app is legitimate or not.

These cryptojacking apps were found by Symantec and rightfully a complaint to take them off the app store was submitted to Microsoft; consequently, the apps were quickly removed. However, looking at the 1,900 different ratings that they have show the extent of the damage that they have caused.

How did the apps mine Monero?

The eight apps that were designed to crypto jack the user’s CPU usage were all apps that an everyday user would use like a browser, VPN or even a video downloading app. Only by running special software or by keeping a close eye on your CPU usage you would be able to notice the app’s true intention.

These apps used a javascript library to mine Monero on the host’s computers. However, if a javascript library was directly used, it would be quickly picked up by many software applications and the app would have never seen the daylight. Thus, all these apps made use of the Google Tag Manager (GTM) that allows users to inject javascript dynamically.

The GTM was used to call a javascript on the domain of these apps. This encrypted javascript library, when decrypted revealed the underlying coinhive script which was released with the sole purpose to mine Monero.

Who owned these apps?

The owner of these cryptojacking apps is still unknown. The developer used different names to register each app. However, the same domain name was hardcoded into each of these apps. Thus, we can assume that they were all created by the same person.

Cryptojacking apps and websites are not something new to the crypto world and have plagued this space for a very long time. However, seeing these apps surface on the official Microsoft App Store is truly surprising. These apps were released during the period between April 2018 and December 2018.

How can you protect yourself from such apps?

In order to save yourself from being a victim of cryptojacking, do not install unknown apps and never install apps from unknown sources. This reduces the overall risk of falling prey to such apps. Additionally, you can also install security apps such as Norton or Symantec which scan your computer regularly to make sure that such fraudulent apps are not present on your computer. You can also check your CPU usage frequently and any suspicious activity might be linked to a case of cryptojacking.

The easiest way to deal with such nuisance is by keeping all your software up to date. The security patches that you receive for your computer helps to keep such apps at bay.

Cryptojacking apps are parasites that plague the computer world. The worst part is that it is very hard to stop these at their source. However, you can take many precautionary measures such as installing reputed security software and keeping your computer up-to-date and avoid becoming prey to such apps.