Security company Symantec discovered a total of eight different applications published in the Microsoft Store that mined for Monero without users knowing about it.

According to an in-depth analysis of the crypto-mining software, the apps were published in the Microsoft Store between April and December 2018, but most of them went live late last year.

What’s worse is that they had close to 2,000 reviews, which means that there’s a chance a significant number of devices may have been infected.

“However, app ratings can be fraudulently inflated, so it is difficult to know how many users really downloaded these apps,” Symantec says.

As the security vendor explains, most of their apps were disguised as browsers, media players, downloaders, battery optimization tutorials, and were developed by three developers.

“After further investigation, we believe that all these apps were likely developed by the same person or group,” the company notes. Apps already removed

Once the apps are installed and launched on users’ computers, they download a coin-mining JavaScript library that is being used to mine for Monero. Users aren’t notified their PCs are being used for cryptocurrency mining, though devices get significantly slower because of high CPU usage in the background.

All the apps are offered in the Microsoft Store as Progressive Web Applications (PWA) and they can affect Windows 10 in S mode as well. Ironically, Microsoft claims Windows 10 in S Mode is the most secure Windows 10 version because it is restricted to Microsoft Store apps.

Symantec says it has already notified Microsoft about the malicious apps and they have all been removed from the Microsoft Store. However, if you previously installed any of these apps, you should uninstall them as soon as possible. The eight cryptojacking apps found in the Store are the following:

Fast-search Lite

Battery Optimizer (Tutorials)

VPN Browser+

Downloader for YouTube Videos

Clean Master+ (Tutorials)

FastTube

Findoo Browser 2019

Findoo Mobile & Desktop Search