There’s a currency miner in the Mac App Store, and Apple seems OK with it

[LASER_oneXM]

Popular Calendar 2 app mines Monero by default, but at least it discloses it.

Resource-draining currency miners are a regular part of the Google Play market, as scammers pump out apps that covertly harness millions of devices, in some cases with malware so aggressive it can physically damage phones. A popular title in the Mac App Store recently embraced coin mining openly, and so far Apple gatekeepers haven't blocked it.

The app is Calendar 2, a scheduling app that aims to include more features than the Calendar app that Apple bundles with macOS. In recent days, Calendar 2 developer Qbix endowed it with code that mines the digital coin known as Monero. The xmr-stack miner isn't supposed to run unless users specifically approve it in a dialog that says the mining will be in exchange for turning on a set of premium features. If users approve the arrangement, the miner will then run. Users can bypass this default action by selecting an option to keep the premium features turned off or to pay a fee to turn on the premium features.

Apple representatives didn't respond to emails asking if the recently updated Calendar 2 violated App Store terms and services. Almost 24 hours after Ars alerted them to app, it remained available for download. Patrick Wardle, a researcher specializing in macOS security, has a detailed analysis of the miner here.

In an email, Qbix founder Gregory Magarshak said the rollout of the currency miner has been complicated by two bugs that prevented it from working as intended. The first flaw caused the miner to run indefinitely, even when users changed the default setting. The second bug caused the miner to consume more resources than planned. Developers programmed the miner to use 10 percent to 20 percent of a Mac's computing power, depending on whether the machine was plugged in. The new miner has been using much higher percentages.