Cryptojacking Apps Placed in the Microsoft App Store By Attackers
Security researchers found a cryptomining app in the Microsoft App Store. Researchers say that it was placed in the store between April and December 2018. It’s not clear how many users downloaded or installed the apps, but they had almost 1,900 user ratings.
However, the Symantec researchers believe the apps were created by a single person or group of attackers since they all share the same backend. The rogue applications posed as browsers, search engines, VPN, YouTube video downloaders and computer optimization tutorials and were uploaded by three developer accounts called DigiDream, 1clean, and Findoo.
The app that works as a web page but also has access to the computer hardware through APIs, to send push notifications, use offline storage and behave a lot like a native program. The programs were published as Progressive Web Applications (PWA), these applications run independently from the browser, under a standalone process called WWAHost.exe.
The script loaded by the apps is a variant of Coinhive, a Web-based cryptocurrency miner that has been used in the past by attackers to infect websites and hijack visitors’ CPU resources.
cryptocurrency mining remains of high interest to cybercriminals, and this incident only proves the case. Criminals have always been on the lookout for new ways to deploy coinminers, and what was the intention, whether it’s to hijack people’s personal computers or servers in datacenters, is still to be investigated.
Criminals have been trying to launch coinmining attacks through Android apps hosted on Google Play, through browser extensions for Google Chrome and regular desktop, Mozilla Firefox, through applications, through Windows 10 PWA, through compromised websites. There are also a variety of botnets that infect Linux and Windows servers with cryptocurrency mining programs by exploiting vulnerabilities in popular Web applications and platforms.
Users are advised to only download applications from trusted sources, whether on their mobile devices or computers. However, with rogue apps finding their place on official app stores, even that looks doubtful.