Trello triggering macOS VoiceServices & AppSandbox requests across multiple devices – suspicious beh

Daniel Luca Aguirre
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
February 27, 2025

We have observed highly unusual behavior where Trello appears to be querying macOS VoiceServices (e.g., com.apple.MobileAsset.VoiceServices.GryphonVoice) and triggering an AppSandbox request.

📌 Key points:

  • This has occurred multiple times on several different computers, all of which have access to the same Trello board.
  • We were able to reproduce the issue consistently until we removed certain API calls, after which we could no longer trigger the behavior.
  • We are trying to understand what is happening and whether this is expected behavior or a potential security concern.

🔍 Questions & Concerns:

  1. Why would Trello (or a Power-Up/plugin like Crmble) request access to macOS VoiceServices?
  2. What could cause Trello Helper (GPU) to trigger an AppSandbox request?
  3. Could an API integration within Trello lead to unexpected interactions with macOS system components?
  4. Is there any known behavior where Trello interacts with Apple’s speech-related frameworks?

🚨 Suspicious Behavior:

At the time this happened, a voice message suddenly played on multiple Macs, stating:

"Ihr System wurde mit schädlichen Trojanern infiziert. Diese Viren schicken Kreditkartendaten, Facebook-Logins sowie persönliche Daten und IP-Adressen an Hacker weiter. Bitte rufen Sie uns sofort unter der angegebenen Nummer an, damit unsere Microsoft Support-Ingenieure sofort durch den Lösungsvorgang helfen."

💡 This strongly resembles a tech support scam message.
🛑 Very, very suspicious.

We would appreciate any insights on whether this is expected behavior or if it could indicate:

  • A misconfiguration in Trello or a plugin,
  • A security vulnerability in a Power-Up,
  • Potential abuse of Trello’s APIs by a malicious actor.

Any guidance on further investigation steps or similar known cases would be highly appreciated. 🚀

 

1 answer

0 votes
DiMaggio Tucci
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
February 27, 2025

I'll try to test this on MacOS. Please note that the source of the problem isn't necessarily Trello or a Power Up. There are also other potential problem points on your end.

Would you be able to note if you experience this on a separate device connected to a separate network? Does this happen every time you access Trello? Any more information you can provide would be appreciated!

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
TAGS
AUG Leaders

Atlassian Community Events