Apple has started restricting the inclusion of cryptocurrency miners from its App Store. The company is doing this in the hope of protecting computer users from malicious instances. The majority of miner code available on these software repositories may be malicious in nature.
Cryptocurrency Miners Are To Be Removed From Apple’s App Store
Apple has updated their App Store guidelines and specifically their Hardware Compatibility to explicitly restrict iOS and Mac apps from performing cryptocurrency operations. This effectively limits the distribution of cryptocurrency miners from the company’s official repository. It is very possible that this has followed up the a popular application called Calendar 2 that bundled a Monero miner in its “premium” version. The application offered the users a choice of using all of the paid features in exchange for the execution of the miner. As a consequence the complex operations can generate revenue that is much bigger that its price and also burden the devices with severe performance issues.
Apple has specifically added a paragraph stating that “Cryptocurrency apps may not offer currency for completing tasks, such as downloading other apps, encouraging other users to download, posting to social networks, etc.”. This means that such behaviour will no longer be tolerated by the company. Google has already prevented cryptocurrency code in the extensions uploaded to the Chrome Web Store without the user’s consent. Other popular web services are also following this attempt at limiting their distribution.
The Danger of Cryptocurrency Miners — the Reasons for Apple’s Ban
Cryptocurrency miners are one of the most popular threats at the moment as they can be concealed in all sorts of payload delivery mechanisms. Their main goal is to utilize the available device resources in order to execute complex operations. In the end the hacker operators receive contributions for the allocated resources in the form of cryptocurrency assets (tokens or coins).
Cryptocurrency miners as a whole are a serious risk as they may lead to the following malicious actions:
- Additional Malware Infection — The cryptocurrency miners can lead to the distribution of other threats to the infected hosts. As such they become a step in the infection progress.
- Trojan Module — When used in combination with Trojan instances the hackers can spy on the victims in real time, take over their computers and hijack all collected data.
- Information Stealing — Many advanced cryptocurrency miners have the capability to steal sensitive information about both the users and the compromised devices. The code is able to create a complete profile of the available hardware components along with certain strings taken from the operating system. It can also expose the identity of the victims by hijacking strings related to their name, address, location, interests, passwords and account credentials.