Apple-Approved App Mining Crypto on Users’ Computers
It looks like one cannot escape cryptojackers even on the Apple's app store. Calendar 2 is an app, approved by an American technology company Apple, that was pulled after news broke that it was using its users’ computers to mine crypto for the developers.
But is it really malware if the app told its users exactly what it would do? And yes, Calendar 2 told potential users that it would do this very thing. Qbix, the developer of the app, decided to offer the app's pro features in the free version if you agreed to let it generate some digital bucks on your computer in the meantime. Not unlike the way Salon lets people choose between ads and crypto mining as a way to generate revenue for their site.
Patrick Wardle, Objective-See's Chief Research Officer, pointed out on Twitter that this seemed to go against App Store guidelines: “monetizing built-in capabilities provided by the hardware or operating system" is "Unacceptable" -section 3.2.2 (ii).” Notably, Objective-See is the Mac security site that found out that the app was mining Monero cryptocurrency - loved for its relative anonymity.
In an email exchange with ArsTechnica, a technology news website, Gregory Magarshak, the founder of Qbix, says it was all bugs.
Apparently, the miner used more computer resources than intended, and mistakenly ran after users disabled it. To fix it, they have decided to remove the miner completely from future versions of the app, saying, “Ultimately, even though we technically could have remedied the situation and continued on benefiting from the pretty large income such a miner generates, we took the above as a sign that we should get out of the ‘mining business.’”