"BadGacha" warning on my Mac mini

Frederick Karayan wrote:

I am a little disappointed to read some of the swipes being taken at Howard Oakley.

What swipes? I said he's a social media influencer. I'll ask again, by what criteria is he not?

Howard and Etresoft are both authors of successful and very useful MacOS utilities.

You came here asking specific questions about specific words, and now you are throwing them around with reckless abandon. What is an "author"? Someone who writes books? What books has Oakley written? There's a reason we make distinctions between "authors" and "bloggers". Other than a few academic papers, I've written no books and no blogs, so I'm neither. Years ago, I was a software engineer, but that term is regulated in Canada. I'm now downgraded to software developer. I'm fine with that. Small price to pay for free healthcare. My US satellites are still in orbit and still working, after all.

What is "successful"? Oakley doesn't charge any money for apps, so money's no metric there. But lots of people run them and they seem to believe what the apps tell them. By social media standards, that's definitely success. Lots of people run EtreCheck, but I'm not sure if they understand what it says or believe it. In the economic wasteland that is Mac apps, EtreCheck has been a success. But in material terms, it doesn't generate a livable wage.

What is "useful"? I don't know. I can tell you that it's subjective. These social media influencer apps generate confusion and misinformation here in the forums. I wouldn't call that useful. But I won't deny they are useful engines of influence. Jury's still out on EtreCheck. It's been useful for attracting stalkers and other malicious people. Great fun, they are.

I also don't understand the use of the term "social media influence" as a pejorative.

You are the only one using it as a pejorative term. I believe I've pretty well defended my use of the "social media influencer" label. He's only one of several such social media influencers in the Apple internet world. But with any social media influencer, it is a good idea to be critical. They may be able to tell you about things you didn't already know about. That can be useful. But they may also tell you things that aren't true. How can you tell the difference? This applies to anything you see on the Internet, on TV, or in print. In that broader field of information, social media influencers do far less harm than reporters or journalists. They're the best of the worst. Is that pejorative?

etresoft wrote:

This app takes low-level log reports, that no one should ever, ever look at, and displays them.

Could you please provide evidence, data, a press release, a license agreement, or any other data in support of your remark that "no one should ever, ever look at" low-level log reports?

For assistance with third-party tools reporting undocumented and internal details of macOS, please contact the third party for details and assistance.

This app is from a class of tools — I’ll including Little Snitch here, as well as Apple and third-party logs and telemetry — that can be useful for some folks, and can be a source of needless worry and concern for others.

Then have a few suggestions ;

1 - Get Support Choose a product and we’ll find you the best solution.Start now and open an Apple Support Ticket as they are Apple Employees to deal will these types of issues . 

2 - Product Feedback - Apple and make it known to Apple regarding this ongoing issue 

Actually, is this is malware ir would only effect the User Account and Not the Operating System itself

In macOS 11 Big Sur, macOS 12 Monterey and macOS 13 Ventura. 

The Operating System resides in a Sealed and Read Only Volume that can not be opened by the User nor by Third Party Applications.

The only Entity that can open and modify or alter this Volume is Apple.

That would occur when a update or UpGrade is performed.

The Built in Security

Should “ Certain & Specific Software “ referenced from above be installed - it will negatively impact macOS. It is suggested, download directly from the Developer , the application Malwarebytes for Mac. 

It is free or paid for added features. 

check this out

https://eclecticlight.co/2023/03/02/apple-has-just-released-an-update-to-xprotect-remediator/

I'm getting this (April 8 2024) on a MacMini M1 running 14.4.1:

(complaining about `rsync`)

2024-04-08 00:52:23.450  BadGacha      👉 no status_message report     time 0.0000000 {"process":{"name":"rsync","pid":930},"action":"report","status":null}
2024-04-08 00:52:23.453  BadGacha      ⚠️ ThreatDetected time 0.0000930 {"status_message":"ThreatDetected","caused_by":[],"execution_duration":9.298324584960938e-05,"status_code":21}

I have the same warning, but mine includes references to 1Password. I have informed them. I can't recall what I was doing so it may not be much help.

I suspect it's a false alarm.

2024-01-18 18:01:33.285  BadGacha      👉 no status_message report     time 0.0000000 {"process":{"name":"1Password-Crash-Handler","pid":844},"status":null,"action":"report"}

2024-01-18 18:01:33.289  BadGacha      ⚠️ ThreatDetected time 0.0000380 {"caused_by":[],"execution_duration":3.802776336669922e-05,"status_code":21,"status_message":"ThreatDetected"}

any update on this?

See here:

2024-01-31 10:58:06.154 BadGacha 👉 no status_message report time 0.0000000 {"process":{"pid":2001,"name":"1Password-Crash-Handler"},"status":null,"action":"report"}

2024-01-31 10:58:08.464 BadGacha ⚠️ ThreatDetected time 0.0000371 {"status_message":"ThreatDetected","execution_duration":3.707408905029297e-05,"caused_by":[],"status_code":21}

I excerpted just the BadGacha ones:

2024-03-05 07:03:47.964 BadGacha NoThreatDetected status_code 20 time 0.0003000

2024-03-05 07:04:09.784 BadGacha ⚠️ ThreatDetected time 0.0000269 {"execution_duration":2.6941299438476562e-05,"status_message":"ThreatDetected","caused_by":[],"status_code":21}

2024-03-05 16:02:17.202 BadGacha ⚠️ ThreatDetected time 0.0000200 {"status_message":"ThreatDetected","execution_duration":2.002716064453125e-05,"caused_by":[],"status_code":21}

2024-03-06 06:31:25.759 BadGacha ⚠️ ThreatDetected time 0.0000310 {"execution_duration":3.0994415283203125e-05,"status_code":21,"status_message":"ThreatDetected","caused_by":[]}

2024-03-06 07:22:00.996 BadGacha NoThreatDetected status_code 20 time 0.0001031

2024-03-05 07:03:47.964 BadGacha NoThreatDetected status_code 20 time 0.0003000

2024-03-05 07:04:09.784 BadGacha ⚠️ ThreatDetected time 0.0000269 {"execution_duration":2.6941299438476562e-05,"status_message":"ThreatDetected","caused_by":[],"status_code":21}

2024-03-05 16:02:17.202 BadGacha ⚠️ ThreatDetected time 0.0000200 {"status_message":"ThreatDetected","execution_duration":2.002716064453125e-05,"caused_by":[],"status_code":21}

2024-03-06 06:31:25.759 BadGacha ⚠️ ThreatDetected time 0.0000310 {"execution_duration":3.0994415283203125e-05,"status_code":21,"status_message":"ThreatDetected","caused_by":[]}

2024-03-06 07:22:00.996 BadGacha NoThreatDetected status_code 20 time 0.0001031

2024-03-05 07:03:47.964 BadGacha NoThreatDetected status_code 20 time 0.0003000

2024-03-05 07:04:09.784 BadGacha ⚠️ ThreatDetected time 0.0000269 {"execution_duration":2.6941299438476562e-05,"status_message":"ThreatDetected","caused_by":[],"status_code":21}

2024-03-05 16:02:17.202 BadGacha ⚠️ ThreatDetected time 0.0000200 {"status_message":"ThreatDetected","execution_duration":2.002716064453125e-05,"caused_by":[],"status_code":21}

2024-03-06 06:31:25.759 BadGacha ⚠️ ThreatDetected time 0.0000310 {"execution_duration":3.0994415283203125e-05,"status_code":21,"status_message":"ThreatDetected","caused_by":[]}

2024-03-06 07:22:00.996 BadGacha NoThreatDetected status_code 20 time 0.0001031

2024-03-05 07:03:47.964 BadGacha NoThreatDetected status_code 20 time 0.0003000

2024-03-05 07:04:09.784 BadGacha ⚠️ ThreatDetected time 0.0000269 {"execution_duration":2.6941299438476562e-05,"status_message":"ThreatDetected","caused_by":[],"status_code":21}

2024-03-05 16:02:17.202 BadGacha ⚠️ ThreatDetected time 0.0000200 {"status_message":"ThreatDetected","execution_duration":2.002716064453125e-05,"caused_by":[],"status_code":21}

2024-03-06 06:31:25.759 BadGacha ⚠️ ThreatDetected time 0.0000310 {"execution_duration":3.0994415283203125e-05,"status_code":21,"status_message":"ThreatDetected","caused_by":[]}

2024-03-06 07:22:00.996 BadGacha NoThreatDetected status_code 20 time 0.0001031

It's interesting that it sometimes detects it and sometimes doesn't, although now I look at those entries again, they're not sorted in date/time order.

What is an "author"? Someone who writes books? What books has Oakley written? There's a reason we make distinctions between "authors" and "bloggers". Other than a few academic papers, I've written no books and no blogs, so I'm neither. Years ago, I was a software engineer, but that term is regulated in Canada. I'm now downgraded to software developer. I'm fine with that. Small price to pay for free healthcare. My US satellites are still in orbit and still working, after all.

Dr. Oakley has been writing articles in computer magazines for many years. There's much interesting information published about him here:- https://www.macobserver.com/podcasts/background-mode-howard-oakley/

Would you care to share details about .... "My US satellites are still in orbit and still working, after all."

Just so that readers know that you are not "telling us things that aren't true"?

[Edited by Moderator]

Welcome

Having this too on my Mac Studio running 14.3.1. I'm also running SilentKnight and XProCheck.