In January, security researchers from Symantec found cryptomining applications in the Microsoft App Store, but they were published in the store between April and December 2018. It’s not clear how many users downloaded or installed the apps, but they had almost 1,900 user ratings.
The rogue applications posed as browsers, search engines, YouTube video downloaders, VPN and computer optimization tutorials and were uploaded by three developer accounts called DigiDream, 1clean and Findoo. However, the Symantec researchers believe the apps were created by a single person or the same group of attackers since they all share the same origin domain on the backend.
