group.is.workflow.my.app Is this a necessary app? Do others have access?

Question

BeeMac OP

Created Jun ’23

Replies 6

Boosts 0

Views 3.9k

Participants 8

Hi

I'm a total novice on this stuff so please know that in advance. Won't go into details but my former employer has repeatedly hacked into my network, email etc. It's being dealt with legally.

That said you can imagine my paranoia all the time and I never know is okay or what is suspicious. I find it really hard to get actual information on google etc., so I'm turning to you far more experienced and knowledgeable mac people.

I stumbled on the above looking for something in terminal. It's obviously in the applications software section. Falls under Users/me/Library/application scripts/group.is.workflow.my.app

The timing of the installation is exactly when there was a certain event.

Also, on all of my files, I have to remove Staff from accessing. I don't know what that's about but if anyone has insight let me know. Please see attached. Thank you!! Screenshot 2023-06-04 at 1.35.41 PM.png

Boost

Answer 1

C-men OP

Jun ’23

I have the same question. I was checking everywhere how to fix one of my USB C ports not working and came accross that. (I already fixed the port).
In my case, it says "read and write and no access" for admin user and everyone, respectively.

I checked on the system report it shows like this:

group.is.workflow.my:

Obtained from: Unknown Last Modified: 6/1/23, 5:05 PM Kind: Other Location: /Users/user/Library/Application Scripts/group.is.workflow.my.app

So I checked on that folder and the icon does not feel right, either.

0

Answer 2

cameronbanowsky OP

Jul ’23

It's a virus. can you post the outputs after putting into virustotal? Just click and drag the .app to virustotal.com and send back the link.

0

Answer 3

Stanley_Liu-CA91745 OP

Sep ’23

Oh jesus I have this on all my Apple computers theres's at least 4 at home. What do I do ? Why didn't the antivirus i paid for catch this at all? Thanks.

0

Answer 4

Synksia OP

Dec ’23

I have the same app. Can someone please verify if it is a virus/malware? If so, it goes undetected by Malwarebytes.

0

Answer 5

AIRaquarian OP

Jun ’24

I would say it is NOT a virus. I have brand new installs of macOS Ventura that have this file as well.

0

Answer 6

motosaiz OP

Sep ’24

There's no need to make baseless claims like "it's a virus" with no evidence. Let's take a look at what we find.

I have this file in /Users/myname/Library/Application Scripts/group.is.workflow.my:

Hmm, it's zero bytes. That may be a clever trick, but hard to imagine how that could be dangerous.

What else do we notice? My computer was first booted on 23 Jan 2023. (ls -lt /private/var/db | tail -3) What was happening in China from 23 Jan 2023 to 27 Jan 2023? Golden Week. National holiday. Then, Saturday, Sunday, back at work on Monday the 30th, and the next day my laptop is getting new files:

Screenshot 2024-09-02 at 03.29.09.png

So on the 31st, a lot of Apple-related files were being created on my MacBook, along with the file in question. We can conclude therefore this file is obviously a left-over from the initial setup process.

Thank you, person who got my MacBook going. I use it every day.

No need for paranoia and panic. Please check the Date Created next time, it's a standard attribute.

0