Symantec recently discovered 81 potentially unwanted applications (PUAs) on the Microsoft Store, some of which display pornographic images and gambling content. While some have been removed, most of these apps are still available to download from the app store.
The apps cover a range of different categories such as sports, games, news, tips, etc. They appear to be published by more than 30 different developers.
To trick users, the apps use familiar names from some popular brands in their titles, such as Wix Updates Application, Antivirus Avira App, Norton Antivirus Updates App, McAfee Antivirus Updates News, Tinder Dating Updates, Tips and Games, and Grindr Updates.
However, these apps have nothing to do with the brands or their original apps. In fact, some of them display content such as pornographic images and advertisements for gambling websites. Other apps merely redirect users to the legitimate website of the brand they claim to be related to, but they all have the ability to display whatever content they choose at a later date.
At the same time, none of the apps state this behavior in the description section on the app store page. In fact, the apps all display innocuous screenshots provided by the developers, which are totally unrelated to the real functionality of the apps.
There is potential for more serious risks because the apps are fully controlled by a malicious routing server, meaning that it is possible for the developer to inject malicious code of their choosing. This could, for example, be coin-mining scripts, allowing the app developers to generate profit from users who have installed their apps. The developers can also display phishing websites in the apps. In fact, some of the apps already show suspicious phishing content that requests credit card information.
Symantec explored the application packages of all 81 apps and found that the content of each looks very similar. This, combined with the fact that they share the same server, makes it highly likely that these applications are published by the same group of developers.
Microsoft was notified about the discovery and said it would investigate. Several of the apps are no longer available on the Microsoft Store.