Security researchers from antivirus vendor Symantec discovered 8 malicious apps in the Microsoft Store that secretly consumed computer resources to mine cryptocurrencies. The apps were disguised as computer and battery optimization tutorial, internet search, web browsers, and video viewing and download app.
After the apps were installed, they downloaded and executed the CoinHive Javascript library. This Javascript library is sometimes also used by criminals to mine cryptocurrencies on websites and advertisements. CoinHive can only mine the privacy focused Monero cryptocurrency.
Advertisment: Kan Shopify iDEAL betalingen ontvangen?
The malicious apps were added to the Microsoft Store between April and December last year.
“Even though the apps were on the app store for a relatively short period, a significant number of users may have downloaded them,” according to the security researchers. One app even had more than 1,900 reviews. The researchers do note hat this number could have been artificially inflated by (purchased) fake reviews.
After Microsoft was informed about the issue, the company removed the apps from the store.
