Microsoft's Store is not a safe haven

[morfeus18]

Microsoft's Store is not a safe haven

 

 

 

Symantec discovered eight application in the official Microsoft Store that ran cryptomining operations without
informing the user about it in the background when installed.

One of the main arguments for integrating the Microsoft Store in Windows 8 and Windows 10, unveiled in 2011 by Microsoft
was that it protected users from installing malicious or problematic applications on their devices
because of a review process and other safeguards.

While it is certainly the case that Windows Store offers a safer environment, it is far from the safe haven that Microsoft would like it to be.

We talked about deceiving apps, copycat apps, and deceptive apps in the past, and covered Microsoft's attempts to improve quality by pruning low quality applications.
The introduction of PWA support appears to have opened the door for another type of unwanted software: cryptomining.

 

 

Symantec discovered eight applications in Microsoft Store that started cryptomining operations as soon as they
were installed and launched by users from the Microsoft Store.

The applications were published by three developers but there is strong evidence that a single person or group
is responsible for all of them. Evidence comes from the use of the same mining key and Google Tag Manager
key, and that all applications used the same origin (but different domains).

The apps were fairly popular, judging from the 1900 ratings that they received between publication in April 2018
and December 2018. It is certainly possible that part of the ratings came from fake accounts or services that rate apps in return for payment.

Microsoft does not reveal installation counts for applications; it is unclear if the applications landed on
thousands, hundred of thousands, or even more devices running Windows 10.

Windows 10 users were exposed to these applications in various ways: when they searched for apps in the Store
browsed the free listings, or were directed to the Store from websites that linked to these applications.

The applications fetched a JavaScript mining library using Google Tag Manager when they were launched for the first time after download and installation.
All applications included privacy policies but mining operations were not mentioned in any of them or the descriptions.
The applications used the majority of the computer's CPU cycles according to Symantec for mining operations.
Symantec informed Microsoft about the applications, and Microsoft has removed them in the meantime from the Store.

 

 

Source

[Jordan]

Already posted here.

Topic closed