Eight more applications have been discovered on the Microsoft store that used the victim’s computer to mine Monero. These cryptojacking apps were promptly removed from the Microsoft store.
The apps came from 3 different developers although it is very likely that behind there is the same mind. We are talking about DigiDream, 1clean and Findoo, and a total of 8 applications with different functions: Fast-search Lite, Battery Optimizer (Tutorials), VPN Browser+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, Findoo Mobile & Desktop Search.
The apps were released between April and December last year. The Microsoft store was not able to remove the apps immediately. The malicious code of these cryptojacking apps exploited a Java Script library (Google Tag Manager – GMT). Thanks to this, malicious code was activated and all the apps redirected to it. Once decoded, it was discovered that this was a version of the Coinhive libraries, a system developed to monetise the navigation on web pages that is exploited by criminals to mine Monero without the knowledge of the victims.
Moreover, using special services, all the apps were connected to different domains registered with the same server, which is why it is believed that all the apps were published by the same developer but under different names.
It should be remembered that, to prevent these problems, that with the next Firefox update most of these attacks will be blocked, trying to prevent the phenomenon of cryptojacking by any means available.