Jump to content

ALN

Members
  • Content Count

    17
  • Joined

  • Last visited

Community Reputation

0 Neutral

About ALN

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hi, Lately I use to get installer errors while updating as you can see below (on macOS 10.14.5.) Still, everything seems to work fine, except one weird thing: I'm missing the kext in /Library/Extensions (and the installer complains about it as you can see below.) locate MB_ retrieves this (is this a high-sophisticated-encrypted-patent-pending-evil-villian-defence-tactic or just a typo? :-) /Library/Application Support/Malwarebytes/MBAM/Kext/MB_MBAM_Protection.txek History: I upgraded from Sierra to Mojave last year, so I had no problems with authorizing. I allowed full di
  2. Thank you, Alvarnell, for you time and effort on this. That‘s bad. It seems he‘s got hacked and time for me to say goodbye to his apps. This is indeed a valuable information and should be kept on focus. Cheers ALN
  3. And serves as a marvelous example how not to do it for your next security seminar. ds offer ... sounds like adware com.dsoffer an ID which is invalid as a domain WhatsupKeys ... intentionally misspelled to give people false confidence? com.dsoffer.WhatsupKeys.WhatsAppKeyboard for an app named Phraseboard (2x diff. spelling for WhatsApp!) A lesson to learn! It‘s a pity that Malwarebytes and Apple don’t have a strategic partnership. MB could deliver the technology and Apple could integrate it with the OS. And everybody would win. Apple had some strategic partners
  4. Update: dsoffer is an abbreviation for a developer named Daniel Soffer offering a Math keyboards app and Phraseboard, the latter I have installed. The name WhatsupKeys is misleading as Phraseboard offers only buttons for custom text (a TextExpander as a keyboard) which is inserted upon click. The whole smoke came up b/c his bundle ID com.dsoffer is not a valid domain . Although he is not a villain having invalid domain as bundle and providing an inappropriate app name is more than annoying. Sorry for the mess. ALN
  5. Thomas, Thanks for your reply. First, it is only a crash report from a week ago. Second, an app can be named anything but can be intented for different things, as you know. So, it makes it really hard to classify. I remember only PadKeys (which is a Computer-like keyboard with ALT and cursor keys etc.) having an update, but any app could run for months without surfacing. The problem is, uninstalling something doesn’t yield more than false confidence, as you can’t determine on iOS if this specific app is still installed, only wait for next crash. But what if doesn’t happen. So, I thin
  6. Addendum: FWIW, as I mostly use Apple‘s internal keyboard, the time of the crash report points somehow to a time when I used Apple‘s emoji keyboard (I rarely use emojis.) Can this be related to this? Although, com.dsoffer is very weird and the URL (dsoffer.com) does not exist. Anyway, hopefully helpful for everybody. Cheers ALN
  7. Thank you, Thomas. I know about the security issues about keyboard apps but I only use them for very specific tasks, no full access and internet access is denied. Thank you for your valuable advice anyway. The interesting thing about this is, that none of any apps I installed provides something equal. I do not use WhatsApp and there is no settings in any of my apps which offer such a feature to switch. I‘m now researching this as I don‘t know which one causing this. As this popped up this week and I use these apps now for very long, I don’t know where it is hiding. So, if someone has a si
  8. Now hopefully for the last time. I‘m sorry, I fully misunderstood the problem. I was talking about a completly different but similar looking incident. Now after testing this, I realized my mistake, sorry to confuse everybody. Dragging the MB app to dock from /Applications is of course a seperate app as in Engine.bundle and Dock shows it correctly as two seperate files. Again, very sorry. ALN
  9. By the way, it is also new if I‘m not mistaken, that internal processes spawned off are displayed in Dock etc. I recognized this recently in different apps which should not happen. Maybe this can play a role too. I still see such incidents as an OS related problem.
  10. I would not count on it. I believe you will need more time consuming investigation. All these double „instances“ are mostly configuration mishaps, always happened with LaunchServices, Dock etc. whenever settings storage was involved (e.g. Open with... showing multiple apps no more installed etc.) I wouldn’t take much comfort into the stub incident either. How was this confirmed? Is it proved that both icons point to different locations on disk? As the UI does not show you what‘s actually happening, you can be tricked into believing you are confronted with two different apps. macOS is keen
  11. Thank you for yor attempt to help but you should not assume everybody you talk to is technically declined. If a second app would have been somewhere I would have noticed it, believe me. It has to do with macOS internal settings, a configuration mishap (maybe it got confused with trashcan.) Immediately after triggering an auto-update BBEdit will ask to quit itself, install it and relaunch. After proceeding a second icon appeared and the original, which was permanently pinned, was inactive. Deleteing old icon and making new icon permanent solved the problem. It has nothing to do with physic
  12. I recently had this after updating BBEdit, showing two icons on the Dock. Firts tome appeared after updating to macOS 10.14.3. I suspect macOS problem. Cheers ALN
  13. Hello everybody, I just came across a crash report on my iPad running iOS 12.1.4 with the bundle name „com.dsoffer.WhatsupKeys.WhatsAppKeyboard“. No results on any search engines. Anyone know this? The only keyboard apps I installed are: Clips, Phaseboard, PadKeys, MyScript Stylus. In general, I‘m very security concered and don‘t install much apps, only what I need and after research. Thanks in advance. ALN
  14. Thanks, Manfred! That's why I posted my observations here. This must be seriously examined by the developers as it's the only process with such a behaviour and it's racing kernel_task, and I think they will. It's important that they are aware of it now. For now I only start the daemon while I'm online (I use my iPad for all my inet work, my computers/TV/etc. are always offline, except for updates or specific use) and kill the process afterwards. Then it stays at acceptable range. Cheers, ALN
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.