A shocking new report by security firm Symantec alleges that at least eight apps on the Microsoft Store have been mining for cryptocurrency in the background after being downloaded.
In a blog post describing the security threats, the apps, which include Fast-search Lite, Battery Optimizer, VPN Browsers+, Downloader for YouTube Videos, Clean Master+, FastTube, Findoo Browser 2019 and Findoo Mobile & Desktop Search all engaging in ‘cryptojacking’.
This means that unbeknownst to the users that download these apps, they secretly use the processors of the PC they are installed on to mine for cryptocurrency. According to Symantec, these aps come from three developers: DigiDream, 1clean and Findoo, and it is likely they were developed by the same person or group due to the malicious code Symantec found.
The Microsoft Store is an app store (like Apple’s App Store for iPhones and iPads, and the Google Play Store for Android devices) that comes installed with Windows 10. Microsoft envisioned the Microsoft Store as a safe and secure place to install apps from, so the fact that Symantec has found a number of apps that surreptitiously mine for cryptocurrency will be a big blow to Microsoft’s claims that its Store is secure.
In fact, Microsoft has released Windows 10 S as a version of Windows that can only install apps from the Microsoft Store, and the company claimed this meant that Windows 10 S was more secure than regular Windows 10. However, as Symantec discovered, the cyptojacking apps can be downloaded and installed in Windows 10 S as well.
Having compromised apps on the Microsoft Store is a serious matter, so we have contacted Microsoft for an explanation. We will update this story when we hear back. In the meantime, if you have any of these apps installed, make sure you uninstall them straight away and run an antivirus program as soon as possible.