Apple: Cryptocurrency-mining Qbix Software Sneaks onto the Mac App Store

Cryptocurrency-mining software has been discovered on Apple's Mac App Store, hiding in a calendar application with hundreds of thousands of downloads.

Users of the macOS software, developed by a company called Qbix, voiced frustration as their computer speeds tanked after using the program, dubbed "Calendar 2." Analysts found the feature had slipped past Apple's internal security procedures and was designed to mine a cryptocurrency known as Monero.

The crypto-mining option does not appear to have been entirely malicious and was clearly advertised to users as a way to access premium content for no cost.


However, complaints emerged that the process—advertised as being unobtrusive—was launching without permission, causing CPU usage to spike with no warning. Qbix founder Gregory Magarshak told Ars Technica that the application, now removed from the official Mac App Store, had suffered from two separate security issues that caused it to use more computing power than intended.

Magarshak said: "We have decided to remove the miner in the app. The next version will remove the option to get free features via mining." He noted that the rollout had "a perfect storm of bugs" and denied wanting to mine crypto without asking.

"Ultimately, even though we technically could have remedied the situation and continued on benefiting from the pretty large income such a miner generates, we took the above as a sign that we should get out of the mining business," he added.

Apple did not respond to a request for comment. Qbix said that it is currently working on a software update that will fix the bugs. On its site, it says the app has 757,714 users, but that number counts every user since version one. The company claims that, in total, the application has been used 93 million times.

Some developers are beginning to see cryptocurrency miners as a way to circumvent traditional advertising, letting users trade CPU power for free services. The Pirate Bay file-sharing service was met with backlash last year after installing a strain of mining software called 'CoinHive' without visitors' permission.

The miner in the Calendar 2 software was "xmr-stak", according to a technical analysis published earlier this week by researcher Patrick Wardle. "Remember when Apple rather strongly implied that Macs don't get viruses?" he wrote.

On an Apple security page, the U.S. tech giant states that its apps "may facilitate transmission of approved virtual currencies" but only if they are compliant with all state and federal law. It does not provide rules on crypto-mining bundles.

The rise in cryptocurrency mining software coincided with bitcoin's recent price hike. However, despite alleged links to cybercrime, experts warn the practice is not always dodgy.

"Coin miners are not inherently malicious," Microsoft's Windows Defender research team wrote in a blog post on Tuesday. But it went on to add that trojanized miners are now "evolving to become the monetization tool of choice for cybercriminals." In many cases, a strong anti-virus software will locate a miner before it launches.