The Microsoft Store’s main raison d’être is to provide applications users can trust. In January, Symantec discovered that Microsoft had failed at this task: 8 applications in the Store were found to be infected with crypto-mining software.
The apps, which include titles such as Fast-search Lite, Battery Optimizer (Tutorials), VPN Browser+ and Downloader for YouTube Videos, appear to have been the work of a single developer or team and had over 1900 reviews, suggesting many thousands of people had been duped into installing them.
After being alerted, Microsoft removed the apps from the Store, but it seems clear Microsoft is unable to prevent this type of abuse, meaning users will need to be as careful about downloading apps from the Store as when downloading from the web.
Symantec suggests the usual common-sense precautions:
- Keep your software up to date.
- Do not download apps from unfamiliar sites.
- Only install apps from trusted sources.
- Pay close attention to the permissions requested by apps.
- Pay close attention to CPU and memory usage of your computer or device.
- Install a suitable security app, such as Norton or Symantec Endpoint Protection, to protect your device and data.
- Make frequent backups of important data.
If the Store can’t protect us, is there any further point in using it?