Security researcher Patrick Wardle recently dug into a calendar app sold in the Mac App Store that turns your computer into a cryptocurrency mining machine, after he was tipped off by Dan Goodin over at Ars Technica.
Read Patrick’s detailed post about how the app takes control of your machine.
Our favorite gem:
“As noted by the sharp-eyed @dogcow, the ‘Calendar 2’ application actually tells us that it may utilize the spare cycles of our CPUs to perform cryptocurrency mining in the background. Hooray for honesty, I guess?”
Luckily, after he tipped off the Mac App Store, they removed the app from the store. While this is great news and good work by both Apple and Patrick, it calls into question just how many seemingly innocuous malicious apps are available for download that no one has discovered yet and reported to Apple.
Several media outlets reported today that the authors intended to remove the mining feature from the app after hearing about the backlash.
One of our Cylance security researchers tested the app and even after disabling the feature, the CPU miner continued to run. So even if users had opted in and then decided not to allow mining, the settings/ toggle did not work until he/she forces a reboot.
The main takeaway for readers is not to trust everything that’s available in the app store. This isn’t an issue that’s limited to the Mac App Store, for what it’s worth – the Google Play Store has had similar issues of malware-laced apps available for download. Trust no one.
// Return false to prevent the submission handler from taking the lead to the follow up url
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Cylance Research and Intelligence Team. Read the original post at: https://threatmatrix.cylance.com/en_us/home/calendar-app-covertly-mining-cryptocurrency.html