19 Feb 2019
Microsoft Removes Apps Connected with Cryptojacking
Every day, tens of millions of people add new apps to their smartphones. These apps have come to dominate the world, as they allow users to do just about anything. What began as programs that enabled people to chat with one another and play games has now blossomed into one of the largest industries on earth.
Now, people can do just about anything with an app. There are apps to run electronic devices in your home, to find the perfect match, and even to check your alcohol or blood sugar levels. If you want it, you can be sure that there is an app for it.
The problem with these programs is that for every good or useful application, there is likely another that has been created for nefarious reasons. This is the issue that Microsoft recently had to face, when they pulled eight apps from their Play Store after being notified that these programs were created for the purpose of cryptojacking.
Symantec on Alert
On January 17, Symantec, one of the leaders in cybersecurity, notified Microsoft that eight programs in their app store contained malicious malware. Three different companies were responsible for the apps, including DigiDream, 1clean, and Findoo. However, Symantec concluded that all eight applications were created by the same person, or at least by the same team of developers.
The applications were designed to use a person’s resources on their phone to assist the developers in cryptocurrency mining, specifically for the digital currency Monera. How it works is simple.
A user would search a term in the Microsoft app store, and one or more of these eight programs would be offered as a “free” download. After the person downloaded the program, it would trigger the Google Tag Manager to begin running. Once this program began, it would immediately begin to start drawing on the resources of the phone to help in the cryptocurrency mining process.
The saddest part of this process is that, often, the user would be unaware that this program was running. It would not display as a process, and no other program would appear to be running beyond the one they downloaded. The user would find that their battery was losing power a lot quicker and they may have seen dramatic spikes in data use but, if the user was on an unlimited data plan, they may not be aware of any change at all.
They Need the Power
Since the advent of bitcoin, programmers and developers have painstakingly worked to create programs and packages that would enable them to “create” digital currency, often referred to as mining. It is not a financial institution that is creating the currency but is, instead, the success of a user to find the right algorithm that enables them to generate a coin.
Because no organization is backing the currency, there is no regulation and no one is really sure how much cryptocurrency exists. However, it can be an extremely lucrative endeavor. Bitcoin spiked to nearly $20,000 per coin in late 2017, so there is a lot of money to be made.
The problem is that mining takes a lot of resources to be successful. Before the collapse of the Venezuelan economy, many developers paid Venezuelans for the use of their energy and computer processing because energy was free.
Now that this is no longer the case, cryptojacking has become the means by which they are able to get the needed power and processing they desire. This is often done by adding malware to a computer and or other device, then using that devices resources, costing consumers hundreds of millions of dollars each year in increased energy costs. In fact, this has now become the biggest cybersecurity threat, surpassing ransomware.