User profile for user: Mofowax
Mofowax Author
User level: Level 1
10 points

TEAM HCiSO has added items that can run in the background, should I be concerned?!

Hi there, I'm looking for some advice if possible? For the past few weeks, I keep getting the following popup notifications from System Settings (after a startup and/or wakeup, sometimes randomly throughout the day), saying:

Background Items Added – Software from "TEAM HCiSO" added items that can run in the background. You can manage this in Login Items Settings.



After a quick search online I found the following website: https://github.com/HoMeCracKeR


I went to my Login Items and found a "TEAM HCiSO", I turned it off so it doesn't open automatically when I login.



I also ran a Malwarebytes scan but it didn't find anything.


Does anyone know what it might be? 😬


Thanks so much.

iMac

Posted on Jan 31, 2023 10:21 AM

Reply
Question marked as Top-ranking reply
User profile for user: Barney-15E
Barney-15E
User level: Level 10
121,982 points

Posted on Jan 31, 2023 3:49 PM

It's something you installed at some point. The entity that signed the certificate was TEAM HCiSO. Searching for that might result in a product name, but quite possibly not.

This would have been an app that used an installer and asked for your admin password to authorize installation of the background process.


The app wasn't written to be compatible with Ventura's new privacy notifications. If you can figure out what app you installed, you can try uninstalling it following the developer's instructions or use their uninstaller. If they have an update, that might help, or possibly just reinstalling it might work.


If you can't find anything searching for that name, you can run Etrecheck which will show you what you have installed. It won't point out a link to that background process, but might give you an idea of what to look for to trial and error uninstall.


Disabling the background process will disable whatever you installed the app to do for you, and it might trigger more notifications as the app you installed is trying to fulfill its contract with you and may try to reinstall the background process since it has no idea why it is not running as expected.

View in context

Similar questions

7 replies
Question marked as Top-ranking reply
User profile for user: Barney-15E
Barney-15E
User level: Level 10
121,982 points

Jan 31, 2023 3:49 PM in response to Mofowax

It's something you installed at some point. The entity that signed the certificate was TEAM HCiSO. Searching for that might result in a product name, but quite possibly not.

This would have been an app that used an installer and asked for your admin password to authorize installation of the background process.


The app wasn't written to be compatible with Ventura's new privacy notifications. If you can figure out what app you installed, you can try uninstalling it following the developer's instructions or use their uninstaller. If they have an update, that might help, or possibly just reinstalling it might work.


If you can't find anything searching for that name, you can run Etrecheck which will show you what you have installed. It won't point out a link to that background process, but might give you an idea of what to look for to trial and error uninstall.


Disabling the background process will disable whatever you installed the app to do for you, and it might trigger more notifications as the app you installed is trying to fulfill its contract with you and may try to reinstall the background process since it has no idea why it is not running as expected.

Reply
User profile for user: Thomas Tempelmann
Thomas Tempelmann
User level: Level 1
76 points

Feb 28, 2023 2:49 AM in response to Mofowax

Apps signed by TEAM HCiSO are cracked apps, often even from free apps that need no cracking. You should ask yourself why a cracker makes the effort to do that. Why would someone copy apps, modify them and then make them available at no apparent cost.

You run the risk that these modified apps contain malicious code that scans your disk for passcodes, monitors your banking logins or does other stuff that you're not aware of but that may harm you in the long run.


Reply
User profile for user: Thomas Tempelmann
Thomas Tempelmann
User level: Level 1
76 points

Feb 28, 2023 6:59 AM in response to Randall_2023

Thanks for explaining. That is a bit too limited term in this case, though, because I know of software cracked by HCiSO that simply modifies the code so that the program always believes that the software is registered, without the need for keys. That's also the reason why the software now has a different signing identifier ("TEAM HCiSO"), because without it the program would not launch any more after this code modification.


So, let's just called it cracked software, I suggest.


Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

TEAM HCiSO has added items that can run in the background, should I be concerned?!

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up