Symantec: Popular Microsoft Apps Hijack PCs

John Lister's picture

At least eight apps in the official Microsoft Store were secretly designed to use a computer's resources without permission. It undermines Microsoft's efforts to promote the store as a "safe source of software."

In the past few years, Microsoft has heavily pushed the idea of Windows users getting software from an app store - similar to the way mobile devices work - rather than the more traditional method of getting programs from a third-party sources and installing them directly to the PC or smartphone / tablet.

There's even a special 'S' mode for Windows 10 that only allows the computer to run software from the Microsoft Store. The company specifically says this mode is "streamlined for security and performance." It also says applications in the store are "Microsoft-verified for security."

Battery and Video Download Apps Compromised

Now security firm Symantec says eight apps that were in the store at some point in 2018 pose a risk, namely:

  • Battery Optimizer (Tutorials)
  • Clean Master+ (Tutorials)
  • Downloader for YouTube Videos
  • Fast-search Lite
  • FastTube
  • Findoo Browser 2019
  • Findoo Mobile & Desktop Search
  • VPN Browser+

While the apps appear to carry out their stated purpose, they are also running code in the background that carries out cryptomining.

Cryptomining means using the computer's (or smartphone / tablet) resources to try to verify transactions made with virtual currencies such as Bitcoin. That might seem like an odd thing to hijack a computer for, but the way such "cryptocurrencies" work is that whoever wins a race to verify a batch of transactions is rewarded with a unit of the currency.

The currency can then be sold for "real world" currencies such as dollars. Combining the power of hijacked computers greatly increases the chances of winning the race as the calculations are often split up among multiple systems, making it much more efficient.

Related: New Firefox to Block Unwanted Tracking, Cryptojacking

Batteries Could Heat Up

Cryptomining on hundreds of thousands and potentially millions of devices simultaneously is great news for the hijackers - but bad news for users. It can mean slower device performance and potentially overheating batteries on laptops as their machines run consistently at full power.

Perhaps unsurprisingly, there was no mention of the 'behind-the-scenes activity' in the privacy policies of the apps in question via their Microsoft Store listings.

The apps are no longer in the store and users should remove them from their machines if they have them. The big question now is how they were able to bypass Microsoft's security checks and get into the store.

What's Your Opinion?

Do you use the Microsoft Store to get apps? Do you trust Microsoft's promotion of the store as a secure source of software? Do users need to take more responsibility for checking software for security risks?

Rate this article: 
Average: 4.9 (14 votes)

Comments

ehowland's picture

I do randomly check nothing is hogging resources, and I remove old unused software and I also try and prune off any unneeded and or unused apps from my (Android) smartphone. Although this is interesting I am SURE in 2018 there were far more "Malicious" Apps that got in the google play store, and yet even MORE that were in the Apple "APP" store... This kinda does not surprise me. I did look at the "S" version of Windows 10 several years ago, and almost immediately realized it was not viable in the business world at all....

Rusty's picture

Maybe it was always sketchy, but I don’t think Microsoft has nearly the integrity it once had. Seems like none of the giants of the industry are very trustworthy. We can’t very well manage without one or more of them in our worlds, so there may be no solution other than to support those who work to police them and to push for laws and court decisions that help keep them in check. Parts of the judicial system are becoming increasingly politically stacked, but I’m not exactly sure how that bodes for controls over this sort of thing.

jamies's picture

OK the reported apps are not ones that I would install on my systems, but they definitely seem targeted at those less likely to have an awareness of system usage.

And, from my POV - either I can, or I can NOT trust a major software supply organisation.

So- considering that I am still getting lots of 'security fixes', and there does not seem to be an easy to select option for users to have the browsers from that supplier start up in a privacy mode when initiated via links or file associations, and it seems that I cannot easily (if at all) look at cookies running, or even just those newly installed, in order to manually remove those doing things I don't want to allow to "do-their-thing"

The name "Microsoft" definitely does not go with the phrase "secure computing environment" well that is not without a "NOT" between them.

As usual - Microsoft are listening to their userbase - wonderful how good and remotely controllable PC and IOT microphones are getting nowadays.

Nope - nothing was said about doing what the users want - that would almost certainly hit marketing and the base profit line.

My problem - I have to run Office in a windows environment to support clients

russoule's picture

wah, wah. there is an app that Microsoft didn't completely verify. OMG, what can we do?

There are literally thousands of apps out there for all the various opsys that exist. Why are we surprised or irritated that eight of them slid by doing background hidden processes? Windows 10 itself does background hidden processes. so does Android. It is a function of the opsys that these processes are running in the background.

The problem is that the various opsys makers cannot verify every single app that is submitted, no matter how much the opsys maker says they do. I this case, the apps are using unused cpu to mine for crypto dollars and that can be found by watching the task manager 24/7/365 since the app only uses cpu when it is not being used for something else.

The point of Dennis' article is not to show how un-worthy Microsoft is, but to let us all know that even the stringent examines by Microsoft are sometimes just not enough. Be Vigilant! Be Aware! Don't Depend On Someone Else To Guard Your System.

lgitschlag_3159's picture

I agree with all above comments in general. If I may, here's my non-technical two cents. TRUST. On the Internet trust is vital. I know little about pcs except how to turn them on and off, lol, but so many companies say something's safe only later it's not, losing my trust. Gates tried to be the sole Internet gateway and charge entry, losing my trust. Microsoft issues faulty products and now issues endless "corrections", losing my trust. Google's motto gave way to profit in China, losing my trust. Personal data is gathered for profit by any means they can get away with (aboveboard or sneakily)(FB!), again losing my trust. The public trust has been abused beyond reason, criminals flourish, the law lags behind. It's no surprise some store apps are found unsafe but it's GREAT the vast majority of apps are healthy. I most heartily applaud the never ending fight to detect and stop the insidious sneaks. Public awareness is growing and will eventually bring good results in the future.