Article 3HZVA There’s a currency miner in the Mac App Store, and Apple seems OK with it

There’s a currency miner in the Mac App Store, and Apple seems OK with it

Dan Goodin
from Ars Technica on (#3HZVA)

Enlarge / A version of Calendar 2 downloaded on Sunday from the Mac App Store.

Resource-draining currency miners are a regular part of the Google Play market, as scammers pump out apps that covertly harness millions of devices, in some cases with malware so aggressive it can physically damage phones. A popular title in the Mac App Store recently embraced coin mining openly, and so far Apple gatekeepers haven't blocked it.

The app is Calendar 2, a scheduling app that aims to include more features than the Calendar app that Apple bundles with macOS. In recent days, Calendar 2 developer Qbix endowed it with code that mines the digital coin known as Monero. The xmr-stack miner isn't supposed to run unless users specifically approve it in a dialog that says the mining will be in exchange for turning on a set of premium features. If users approve the arrangement, the miner will then run. Users can bypass this default action by selecting an option to keep the premium features turned off or to pay a fee to turn on the premium features.

Feels like the first time

If Calendar 2 isn't the first known app offered in Apple's official and highly exclusive App Store to do currency mining, it's one of the very few. The discovery comes as sky-high valuations have pushed the limits of currency mining and led to a surge of websites and malware that surreptitiously mine digital coins on mobile devices, personal computers, and business servers. Calendar 2 is slightly different in the sense that it clearly discloses the miner it runs by default. That puts it in a grayer zone than most of the miners seen to date.

Read 8 remaining paragraphs | Comments

index?i=Xw7Y8d35tf0:9DVDqDeKqCA:V_sGLiPB index?i=Xw7Y8d35tf0:9DVDqDeKqCA:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location
Feed Title Ars Technica
Feed Link
Reply 0 comments