8 Illicit Crypto-Mining Windows Apps Removed From Microsoft Store

Eight apps have been removed from Microsoft's app store after Symantec found they could illicitly mine cryptocurrency.

Feb 15, 2019 at 1:00 p.m. UTC
Updated Aug 18, 2021 at 10:45 p.m. UTC

A number of apps in Microsoft's app store have been found to be able to illicitly mine cryptocurrency.

The eight apps, discovered by Symantec on Jan. 17, hosted a version of Coinhive, a script for mining the monero cryptocurrency that has proved popular with cyber criminals.

In a blog post on the discovery, Symantec said it had reported the apps to Microsoft, which subsequently took them down. The apps all ran on Windows 10, including Windows 10 S Mode, which restricts app downloads to the Microsoft Store.

Three developers, DigiDream, 1clean and Findoo, reportedly produced all the apps, which covered the areas of computer and battery optimization tutorials, web search, web browsing, and video viewing and download.

Symantec wrote in the post:

"In total, we discovered eight apps from these developers that shared the same risky behavior. After further investigation, we believe that all these apps were likely developed by the same person or group."

Once downloaded and opened, the apps fetch the monero mining JavaScript library by triggering Google Tag Manager on their domain servers. The mining script is then activated and harnesses the bulk of the victim computer's CPU cycles to mine the cryptocurrency. The JavaScript has also been removed from Google Tag Manager after Google was informed, the post said.

"Although these apps appear to provide privacy policies, there is no mention of coin mining on their descriptions on the app store," Symantec said.

The apps were published from April to December of last year, although most were published toward the end of the year. Despite being on the Microsoft Store for a relatively short period, "a significant number" of users may have downloaded them onto their PCs, said the firm.
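The delivery chain described above (an app triggers Google Tag Manager, which then pulls in the mining library) can be hunted for in web-proxy logs. The following is an added example, not code from Symantec's post or the original article: it flags clients that load a tag container and shortly afterwards fetch a script from a host outside an allowlist. The log format, hostnames, container IDs, allowlist and 30-second window are all constructed assumptions.

```python
from datetime import datetime, timedelta

GTM_HOST = "www.googletagmanager.com"   # Google Tag Manager's container host
WINDOW = timedelta(seconds=30)          # assumed correlation window
# Assumed allowlist of script hosts this organisation expects to see.
ALLOWED_SCRIPT_HOSTS = {GTM_HOST, "www.google-analytics.com"}

# Constructed sample proxy log: time, client, host, path (not real traffic).
SAMPLE_LOG = """\
2019-01-17T10:00:00 10.0.0.5 app-backend.example /index.html
2019-01-17T10:00:01 10.0.0.5 www.googletagmanager.com /gtm.js?id=GTM-EXAMPLE
2019-01-17T10:00:03 10.0.0.5 cdn.miner.example /lib/worker.js
2019-01-17T10:00:04 10.0.0.9 www.googletagmanager.com /gtm.js?id=GTM-OTHER
2019-01-17T10:00:05 10.0.0.9 www.google-analytics.com /analytics.js
2019-01-17T10:05:00 10.0.0.9 static.unknown.example /late.js
"""

def parse(log):
    """Yield (timestamp, client, host, path) from whitespace-separated lines."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, host, path = line.split(maxsplit=3)
        yield datetime.fromisoformat(ts), client, host, path

def is_script(path):
    """True when the path, ignoring any query string, names a .js file."""
    return path.split("?", 1)[0].endswith(".js")

def find_gtm_injected_scripts(log, allowed=ALLOWED_SCRIPT_HOSTS, window=WINDOW):
    """Return (client, container_path, script_url) for each script fetched from
    a non-allowlisted host within `window` of that client loading a container."""
    last_gtm = {}   # client -> (time, path) of its most recent container load
    hits = []
    for ts, client, host, path in sorted(parse(log)):
        if host == GTM_HOST and path.startswith("/gtm.js"):
            last_gtm[client] = (ts, path)
        elif is_script(path) and host not in allowed and client in last_gtm:
            gtm_ts, gtm_path = last_gtm[client]
            if ts - gtm_ts <= window:
                hits.append((client, gtm_path, f"{host}{path}"))
    return hits

if __name__ == "__main__":
    for client, container, script in find_gtm_injected_scripts(SAMPLE_LOG):
        print(f"{client}: {container} was followed by a script from {script}")
```

A hit only shows that a script from an unexpected host loaded right after a tag container; confirming mining still requires inspecting the script itself or the CPU usage on the client.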

Monero (XMR) is by far the most popular cryptocurrency among bad actors deploying mining malware, according to a study published last month. So much so that the authors of the research estimated that hackers have mined at least 4.32 percent of the total monero in circulation.

"Overall, we estimate there are at least 2,218 active campaigns that have accumulated about 720,000 XMR ($57 million)," they wrote.
