CLANDESTINE CRYPTOMINING has hit Apple's Mac App Store in the form of 'Calendar 2', an app that syphons CPU power from infected machines and uses it to generate digital money.
Offering a supposedly beefed-up version of macOS' native Calendar app, Calendar 2 offers users the option to run cryptocurrency miners, which uses processing power to crunch complex equations to 'mine' the likes of Bitcoin, in order to access premium features.
However, the app was found to be running a Monero miner by default, Ars Technica reported, and when users tried to opt out a bug caused the miner to consume even more CPU power.
One Calendar 2 user, Fred Laxton, noted that the app guzzled up "200 per cent CPU" until he discovered it and disabled it.
"I didn't expect a miner infection from an App Store vendor," Laxton mused on Twitter.
@SGgrc @QbixApps Calendar 2 for Mac (from the App Store) launched a cryptocurrency miner without my permission. Then it ate 200% CPU until I found it and killed it. I didn't expect a miner infection from an App Store vendor. Wow. It runs the xmr-stak Monero miner.— Fred Laxton (@fredonline) March 12, 2018
Ars Technica reported the app to Apple but the Cupertino firm didn't seem overly bothered and failed to remove it.
However, Gregory Magarshak, founder of Qbix which is the company behind Calendar 2, told Ars Technica that the mining activity was down to a bug not some form of surreptitious money making scheme.
"What started out as a well-meaning option to just let people try out a new way to get all features unlocked became an option that made many people associate "mining" with huge CPU consumption," said Magarshak.
Shortly after, Magarshak noted that Qbix has decided to remove the Monero miner from Calendar 2, noting the rollout of the miner had caused "a perfect storm of bugs which made it seem like our company *wanted* to mine crypto-currency without people's permission".
Magarshak also explained that the company that provided the miner didn't disclose its code so it would take Qbix too long to fix the root cause of the bugs.
He then essentially pooh-poohed cryptomining (known as Proof of Work) on the whole: "My own personal feeling that Proof of Work has a dangerous set of incentives which can lead to electricity waste on a global scale we've never seen before. We don't want to get sucked into this set of incentives, and hopefully, our decision to ultimately remove the miner will set some sort of precedent for other apps as well."
So that may have been quite the 360 for Qbix. But the story as a whole does show how companies are getting increasingly interested in using cryptominers as a way to generate extra revenue.
The Pirate Bay was one such example, opting to test a cryptominer to generate money as an alternative to website advertising. µ
Company even manages to make social engineering duller than it already is
Work on the 'specialist' facility is set to begin 'within weeks'
Weibo leak claims upcoming flagship will go on sale for $749
Firm's research unit for self-driving cars is growing