Cryptocurrency mining app found in the Microsoft Store

Android apps that carry mining scripts turn up in the Google Play Store often enough that such reports are no longer a surprise. The Microsoft Store does a bit better, because all applications must be reviewed by Microsoft auditors. Even so, applications that carry mining scripts have appeared in the Microsoft Store, and the apps identified so far have been removed from the Microsoft Store.


Symantec security staff found that some apps in the Microsoft Store use Google Tag Manager to load online mining scripts for Monero. Google Tag Manager is primarily intended to let developers add JavaScript and HTML content to their applications for tracking and analysis. The developer behind the mining script first submits a normal application to Microsoft for review, and Microsoft’s component for Google statistics tracking is also released by default.

As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) from their domain servers. The mining script is then activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators. Although these apps appear to provide privacy policies, there is no mention of coin mining in their descriptions on the app store.
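The following is an added example, not code from Symantec or from this article: a review-time check that lists the remote hosts referenced by an app's packaged web content and flags Google Tag Manager loaders, since what such a loader serves can change after the app has passed review. It assumes the package's HTML and JavaScript have already been unpacked into text; the function name `audit_package`, the sample files and the container ID `GTM-EXAMPLE1` are constructed for illustration.

```python
import re

# Loader hosts whose served script can change after store review
# (the article's case is Google Tag Manager).
TAG_MANAGER_HOSTS = {"www.googletagmanager.com", "googletagmanager.com"}
HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)
GTM_ID_RE = re.compile(r"\bGTM-[A-Z0-9]{4,}\b")
WEB_EXTS = (".html", ".htm", ".js")


def audit_package(files):
    """files maps relative path -> text of an unpacked app's web content.

    Returns one finding per (file, remote host), flagging tag-manager loaders
    and the container IDs that select what they serve at run time.
    """
    findings = []
    for path in sorted(files):
        if not path.lower().endswith(WEB_EXTS):
            continue  # manifests, images etc. are out of scope for this check
        text = files[path]
        hosts = sorted({h.lower().rstrip(".") for h in HOST_RE.findall(text)})
        ids = sorted(set(GTM_ID_RE.findall(text)))
        for host in hosts:
            is_tm = host in TAG_MANAGER_HOSTS
            findings.append({"file": path, "host": host, "tag_manager": is_tm,
                             "container_ids": ids if is_tm else []})
    return findings


# Constructed sample package; GTM-EXAMPLE1 is a placeholder container ID.
SAMPLE = {
    "index.html": (
        "<script>(function(w,d,s,l,i){w[l]=w[l]||[];var j=d.createElement(s);"
        "j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i;"
        "d.head.appendChild(j);})(window,document,'script','dataLayer',"
        "'GTM-EXAMPLE1');</script><script src='js/app.js'></script>"
    ),
    "js/app.js": "fetch('https://api.example.com/news').then(r => r.json());",
    "AppxManifest.xml": "<Package xmlns='http://schemas.microsoft.com/appx/manifest/foundation/windows10'/>",
}

if __name__ == "__main__":
    for finding in audit_package(SAMPLE):
        print(finding)
```

A flagged container ID is a starting point for review, not a verdict: the tags it currently serves still have to be inspected, and inspected again after publication.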

The applications in question are also UWP applications, so they can run directly in Windows 10 or even in Windows 10 S mode. The Microsoft Store doesn’t provide update dates or download counts, so there’s no way to tell how many users are affected.

Microsoft removed all related applications after being notified by Symantec, but it has not issued an official statement on the matter, and the details remain unclear.