neowin[.]net/news/several-pwas-in-the-microsoft-store-found-to-be-mining-cryptocurrencies
computerworld[.]com/article/3314746/mobile-apps/why-microsoft-and-google-love-progressive-web-apps.html
A PWA, or Progressive Web App, basically lets you use a service on a web site as if it was an installed application on your PC. And both Microsoft & Google love 'em -- for Microsoft it's a way to populate the often ignored store in win10, and Microsoft is being pretty aggressive about finding sites that will work as a PWA, & sticking them in the store, kind of like the way they index sites for Bing.
Problem is, when Google or Microsoft or Apple put a real app in their respective stores, they've got actual code to look at, and once they've inspected it, trying to make sure it's safe, they host that code, so it's sort of frozen, more-or-less hands off. They also have strict requirements when it comes to how those apps are written. However, the code behind a web site & any services it offers can more easily be changed, can be somewhat opaque to outside inspection, and both sites & services can & have been hacked.
PWAs are a new territory, set to grow rapidly, and more cybercriminals are going to be looking at PWAs long and hard. Microsoft & Google aren't really trying to educate users about what PWAs are, and are not making sure that if you download a PWA from their stores, you know that it's a PWA, and everything that can mean. Treat PWAs with the same cautions you use browsing the web, realizing that a PWA you get from Microsoft's or Google's store is not like an app, and that the developer & the site behind that PWA are super important. Otherwise you could be giving a site that you'd Never, Ever visit, out of fear it was malicious, even more access to your PC.