MSI Radeon RX 5600 XT Gaming Z review
Sapphire Pulse Radeon RX 5600 XT OC review
ASUS STRIX Radeon RX 5600 XT TOP review
Gigabyte Radeon RX 5600 XT Gaming OC review
Arctic Liquid Freezer II 280 liquid cooler review
Promo: Windows 10 Pro licenses for under 10 USD
Team Group MP33 NVMe 512 GB SSD Review
ADATA SE800 1TB Portable SSD review
Promo: Microsoft Office 2016 for $29.82
Corsair H100i RGB Pro XT liquid cooler review
Symantec catches 8 apps on Microsoft Store that secretly mined for cryptocoin
Yeah if you allow APPs in your store too easily, well could happen with your data, and what else can be done to make a profit? Well, you have an entire PC at your disposal some fraudulent APP designs figured, let's mine for crypto coin.
Symantec discovered eight malicious apps in the Microsoft Store that silently make use of your computer resources to mine cryptocurrencies. The apps were disguised as computer and battery optimization tutorial, internet search, web browsers, and video viewing and download app reports myce.
After the apps were installed, they downloaded and executed the CoinHive Javascript library. This Javascript library is sometimes also used by criminals to mine cryptocurrencies on websites and advertisements. CoinHive can only mine the privacy focused Monero cryptocurrency. The malicious apps were added to the Microsoft Store between April and December last year.
“Even though the apps were on the app store for a relatively short period, a significant number of users may have downloaded them,” according to the security researchers. One app even had more than 1,900 reviews. The researchers do note hat this number could have been artificially inflated by (purchased) fake reviews.
After Microsoft was informed about the issue, the company removed the apps from the store.
bigfutus
Senior Member
Posts: 523
Joined: 2003-11-22
Senior Member
Posts: 523
Joined: 2003-11-22
#5642001 Posted on: 02/20/2019 06:18 PM
So in other words, Microsoft doesn't bother to run the apps even once.
So in other words, Microsoft doesn't bother to run the apps even once.
fantaskarsef
Senior Member
Posts: 11155
Joined: 2014-07-21
Senior Member
Posts: 11155
Joined: 2014-07-21
#5642003 Posted on: 02/20/2019 06:20 PM
Your m$ store is brought to you by the same people that have given you hits like the all present Windows Defender.
You mean like their updates recently?
Your m$ store is brought to you by the same people that have given you hits like the all present Windows Defender.
So in other words, Microsoft doesn't bother to run the apps even once.
You mean like their updates recently?
lucidus
Senior Member
Posts: 11856
Joined: 2011-12-31
Senior Member
Posts: 11856
Joined: 2011-12-31
#5642004 Posted on: 02/20/2019 06:22 PM
The main selling point of app stores is security. Without that, the MS store is more useless than it already is together with the limitations of UWP. Even Google Play/chrome store has these issues. Meh.
The main selling point of app stores is security. Without that, the MS store is more useless than it already is together with the limitations of UWP. Even Google Play/chrome store has these issues. Meh.
waltc3
Senior Member
Posts: 1024
Joined: 2014-07-22
Senior Member
Posts: 1024
Joined: 2014-07-22
#5642014 Posted on: 02/20/2019 06:49 PM
If it's at all like the crypto-mining virus/malware I picked up a few years ago, it is anything *but* silent, fortunately. I noticed it because of my GPU fans ramping up to full when I was web browsing. Chased down the symptoms on the Internet and found a very easy-to-execute removal remedy--on a Steam forum, believe it or not. It amounted only to a few simple file deletions--no 3rd-party AV software required in that case. Nuked it immediately, and never had trouble again. Never did know where I picked it up, though...that was the baffling thing. (the Microsoft store either didn't exist at the time, or I had not used it, can't recall which.)
If it's at all like the crypto-mining virus/malware I picked up a few years ago, it is anything *but* silent, fortunately. I noticed it because of my GPU fans ramping up to full when I was web browsing. Chased down the symptoms on the Internet and found a very easy-to-execute removal remedy--on a Steam forum, believe it or not. It amounted only to a few simple file deletions--no 3rd-party AV software required in that case. Nuked it immediately, and never had trouble again. Never did know where I picked it up, though...that was the baffling thing. (the Microsoft store either didn't exist at the time, or I had not used it, can't recall which.)
tsunami231
Senior Member
Posts: 9864
Joined: 2003-05-24
Senior Member
Posts: 9864
Joined: 2003-05-24
#5642108 Posted on: 02/20/2019 11:01 PM
so MS store is about as safe as google play store where they dont really test what is put up there to make sure it safe? or legal? I still refuse to use MS store and I never will.
the only app store I use is apple store for tablet and phone, and only thing I really downloaded from that is FFBE and Gmail and there assorted office apps
so MS store is about as safe as google play store where they dont really test what is put up there to make sure it safe? or legal? I still refuse to use MS store and I never will.
the only app store I use is apple store for tablet and phone, and only thing I really downloaded from that is FFBE and Gmail and there assorted office apps
K.S.
Senior Member
Posts: 2053
Joined: 2009-06-07
Senior Member
Posts: 2053
Joined: 2009-06-07
#5642133 Posted on: 02/21/2019 12:15 AM
Yeah this stuff pains my ass been on it since utorrent got pwnd off years ago and now's crawling with mining among other clients... that was before the store came along...
same with browser extensions, no coin etc
Yeah this stuff pains my ass been on it since utorrent got pwnd off years ago and now's crawling with mining among other clients... that was before the store came along...
same with browser extensions, no coin etc
RealNC
Senior Member
Posts: 3123
Joined: 2011-11-24
Senior Member
Posts: 3123
Joined: 2011-11-24
#5642175 Posted on: 02/21/2019 03:11 AM
They most probably do. But how can you know whether it's malware or not just by running it? These things are usually remote controlled. They only start mining once they get the "go" signal from a server they connect to.
So in other words, Microsoft doesn't bother to run the apps even once.
They most probably do. But how can you know whether it's malware or not just by running it? These things are usually remote controlled. They only start mining once they get the "go" signal from a server they connect to.
sverek
Senior Member
Posts: 5524
Joined: 2011-01-02
Senior Member
Posts: 5524
Joined: 2011-01-02
#5642176 Posted on: 02/21/2019 03:13 AM
How youtube video downloader is even allowed on M$ store. If this doesn't scream malware, I don't know what is.
How youtube video downloader is even allowed on M$ store. If this doesn't scream malware, I don't know what is.
Backstabak
Senior Member
Posts: 497
Joined: 2015-11-13
Senior Member
Posts: 497
Joined: 2015-11-13
#5642251 Posted on: 02/21/2019 09:40 AM
This is very ironic as the main advertisement of MS store is security. They even have a setting in win 10 that only allows apps to be installed from their store, as they are supposedly secure. Finding like this just means they do not bother with any security there and it makes the entire thing obsolete.
This is very ironic as the main advertisement of MS store is security. They even have a setting in win 10 that only allows apps to be installed from their store, as they are supposedly secure. Finding like this just means they do not bother with any security there and it makes the entire thing obsolete.
Click here to post a comment for this news story on the message forum.
Junior Member
Posts: 8
Joined: 2015-02-09
Battery optimizer app logo and VPN+ app logo are misplaced. Why i did bother to point this out i have no idea.