Is it malware if it tells you exactly what it’s going to do and then does that very thing?
That’s essentially the question facing Apple after reports broke that a program available in the Mac App Store was mining cryptocurrency on users’ computers. Although initially approved by Apple, the Calendar 2 program was pulled — either by its developer Qbix or the folks in Cupertino — on March 12.
Mac security site Objective-See did a deep dive into the matter after being tipped off by Ars Technica’s Dan Goodin, pointing out that the app was mining Monero — a cryptocurrency loved by the seedier side of the internet for its relative anonymity.
Importantly, Calendar 2 told potential users that it would do this very thing — with a small but important caveat (more on that later). Similar to Salon’s recent foray into cryptocurrency mining in lieu of running ads, Qbix apparently decided to offer the app’s pro features in the free version if you agreed to let it generate some digital bucks on your computer in the meantime.
Not everyone was cool with this. And, as one particular feisty iTunes review made clear, it appears that (for at least this one reviewer) the mining feature was turned on by default.
We contacted Apple to determine if this violates the company’s rules, but have not received a response as of press time. Meanwhile, Objective-See’s Chief Research Officer (and respected malware hunter) Patrick Wardle pointed out that the App Store guidelines appear to prohibit this behavior.
Apple’s App Store guidelines seem rather clear RE: cryptocurrency mining in Apps (context: https://t.co/WzbnB4GppO): “monetizing built-in capabilities provided by the hardware or operating system” is “Unacceptable” -section 3.2.2 (ii) 🙅♂️ HT Mark Allen/ClamXav pic.twitter.com/MFJUnN7EzO
— patrick wardle (@patrickwardle) March 12, 2018
In an email exchange with Ars Technica Qbix founder Gregory Magarshak chalked this mess up to bugs. He claimed the miner used more CPU resources than intended, and mistakenly ran after users disabled it. Basically, it was all a screw-up on their part, or so the theory goes. Magarshak told the publication the crypto miner would not be included in future versions of the software.
Importantly, sketchy cryptocurrency mining is not limited to the Apple ecosystem. It has bedeviled Chrome extensions and various apps in the Google Play store since way back in 2014. As cryptocurrency continues to take over the international zeitgeist, it only makes sense that illicit ways of generating it have spread as well. Apple’s devices and even the apps in its App Store, it would seem, are no special exception.