Microsoft Store hosts 81 illegal apps that hijack user traffic

News by Doug Olenick

The Microsoft Store joined Google Play and the Apple Store as a host for illegal apps after Symantec found 81 available for download.

The Microsoft Store joined Google Play and the Apple Store as a host for illegal apps after Symantec found 81 available for download.

These apps disguised themselves as pertaining to sports, news, utilities and games, but in fact were fronts for gambling and pornography apps. These Potentially Unwanted Apps (PUA) had well-known brand names such as Norton Antivirus, Grindr updates and Tinder Dating News but if downloaded either lead the user to a different site or to the brand’s actual app, but have install malware so the malicious actors can display different content at a later date, Symantec wrote.

Because the app is fully under control of the attacker it could allow them to place a cryptominer or phishing websites on the victim’s phone.

All of the fake apps seemingly were put in place by the same person or group.

"We analyzed the samples and found that they all call http://myservicessapps[DOT]com/firebase/[PHP Name]?app=[APP ID] to get the configuration for the current application, where the app can parse the style and specified URL by the "red_ph" value in the configuration," Symantec wrote, adding all had a similar file structure.

Microsoft was notified of the problem and some of the apps have been remove, but Symantec noted some are still available for download.

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Webcasts and interviews 

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop