Microsoft has removed from the official Microsoft Store eight Windows 10 apps that had been caught mining the Monero cryptocurrency behind users' backs for the benefit of the apps' developers.
The names of the eight apps are Fast-search Lite, Battery Optimizer (Tutorials), VPN Browsers+, Downloader for YouTube Videos, Clean Master+ (Tutorials), FastTube, Findoo Browser 2019, and Findoo Mobile & Desktop Search.
The apps were developed by three developers, namely DigiDream, 1clean, and Findoo. US cyber-security firm Symantec, which discovered the malicious apps last month, says evidence it uncovered in the applications' source code and adjacent domains led it to believe all eight had been developed by the same person or group, despite the different names.
According to a Symantec technical report shared with ZDNet, all apps worked in a similar fashion. All loaded the Google Tag Manager (GTM) library within their source code, through which they later downloaded and executed the actual malicious payload.
"A malicious URL with mining script was detected, and we backtracked to find these applications," Tommy Dong, Senior Principal Software Engineer at Symantec, told ZDNet. "Symantec AV can convict generic JS-based cryptocurrency mining disregarding any domain."
Users who installed these apps over the past few months would have seen their CPU usage go through the roof, as the Coinhive miner would consume all available resources to mine Monero for the app devs.