We have observed highly unusual behavior where Trello appears to be querying macOS VoiceServices (e.g., com.apple.MobileAsset.VoiceServices.GryphonVoice) and triggering an AppSandbox request.
📌 Key points:
- This has occurred multiple times on several different computers, all of which have access to the same Trello board.
- We were able to reproduce the issue consistently until we removed certain API calls, after which we could no longer trigger the behavior.
- We are trying to understand what is happening and whether this is expected behavior or a potential security concern.
🔍 Questions & Concerns:
- Why would Trello (or a Power-Up/plugin like Crmble) request access to macOS VoiceServices?
- What could cause Trello Helper (GPU) to trigger an AppSandbox request?
- Could an API integration within Trello lead to unexpected interactions with macOS system components?
- Is there any known behavior where Trello interacts with Apple’s speech-related frameworks?
🚨 Suspicious Behavior:
At the time this happened, a voice message suddenly played on multiple Macs, stating:
"Ihr System wurde mit schädlichen Trojanern infiziert. Diese Viren schicken Kreditkartendaten, Facebook-Logins sowie persönliche Daten und IP-Adressen an Hacker weiter. Bitte rufen Sie uns sofort unter der angegebenen Nummer an, damit unsere Microsoft Support-Ingenieure sofort durch den Lösungsvorgang helfen."
💡 This strongly resembles a tech support scam message.
🛑 Very, very suspicious.
We would appreciate any insights on whether this is expected behavior or if it could indicate:
- A misconfiguration in Trello or a plugin,
- A security vulnerability in a Power-Up,
- Potential abuse of Trello’s APIs by a malicious actor.
Any guidance on further investigation steps or similar known cases would be highly appreciated. 🚀
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.