Skip to main content

Attackers are stealing data with fake Microsoft Store app listings

Microsoft Store
Microsoft Store (Image credit: Matt Brown | Windows Central)

What you need to know

  • Attackers are using fake Microsoft Store app listings and websites to get malware onto people's computers.
  • The installed malware can be used to still passwords, documents, and cryptocurrency wallets.
  • The attacks are said to target countries in South America at the moment.

New malware attacks mimicking the Microsoft Store, Spotify's website, and a PDF converter tool have recently been flagged online. ESET research recently shared images of the fake pages on Twitter. Bleeping Computer spoke with ESET's head of threat detection labs to gain more insight on the attacks. The attacks work by using fake advertising to highlight pages containing malicious software disguised as genuine applications.

One example is the fake Microsoft Store app listing shown below. The listing claims to be for an online chess app. According to BleepingComputer, if you try to download it, you'll instead get a zip file named 'xChess_v.709.zip." The file is actually a piece of information-stealing malware known as "Ficker" or "FickerStealer." The same strategy is used with a fake Spotify page as well as a fake PDF converter page.

According to ESET research, the attacks are targeting countries in South America.

With the malware utilized in these attacks, threat actors can steal credentials saved within web browsers, messaging clients, and FTP clients. The malware can also steal over 15 cryptocurrency wallets, steal documents, and take screenshots of which apps are active on someone's PC. This valuable information is then sent back to the attacker.

When browsing the web, you should always double-check the URL of any sites you download applications from. If your PC has been attacked, you should scan for malware and change your passwords. You may also want to pick up the best antivirus software to help secure your PC.

Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com (opens in new tab).

7 Comments
  • I thought MS vetted their store? Ah, never mind, fake website. Idiots.
  • You'd be surprised at how many people just aren't that into technology. It's still very easy to catch people with this type of thing, even with technology being as prevalent as it is.
  • I'm not surprised at all unfortunately.
  • This was totally unexpected. :)
  • I mean, this would be much less of a problem if Microsoft Store web links actually opened in the Store app.
  • I agree with you that it would be nice if app links didn't direct you to the web store (which secondarily opens the store) but that doesn't fix this issue, which is preying on people who don't know better anyway. This attack still works even if MS fixed that. After all, this attack downloads a zip and requires the victim to run the executable (circa 1995). Only the least tech savvy person would fall for that... which apparently some are.
  • Guess if they are only 'still' items, then what is the concern? Maybe time to proof read a bit more before publishing?