You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

What is osascript in my Automation tab in securities?

Recently at the beginning of the week I completely erased my hard drive and reinstalled Mac Ventura because I was previously running Catalina and found out I had a keylogging virus on the Mac and somehow they even messed with my SIP turning parts of it off. I believe that might have contributed to both my main email getting hacked and my facebook as well. I wiped the hard drive clean and then installed a fresh copy of Ventura with all securities bringing it up to date. I installed and ran TotalAV (just ran the scan and then uninstalled it) 6 days ago. It turned up a potential phishing thing called JS/phish.G7 (when I installed Microsoft Office straight from Microsoft.) I had TotalAV remove that. I have since been watching the mac every day for anything strange or unusual. This morning while looking over all of my system items, I noticed osascript now appearing in my Automation Tab. I can't remove it, I turned it off though. When asked to display in finder it's located in the hidden usr folder. Is this a safe thing? or should it not be there and needs to be removed? I tried looking for any strange apps that might be calling for it. I didn't install anything yesterday and it wasn't there yesterday. I also checked in activity monitor but not really sure what I should be looking for in there. Thanks, Iam very stressed and on my toes now because of my accounts being hacked and me finding that keyloggin thing on my mac. Has me super nervous.



iMac 27″, macOS 13.6

Posted on Oct 29, 2023 8:14 AM

Reply

Similar questions

6 replies

Oct 29, 2023 10:31 AM in response to xtremevette

Some some more info on malware:


First, there is no reason to ever install or run any 3rd party "cleaning", "optimizing", "speed-up", anti-virus, VPN or security apps on your Mac.  This documents describe what you need to know and do in order to protect your Mac: Effective defenses against malware and other threats - Apple Community and Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support.  


There are no known viruses, i.e. self propagating, for Macs.  There are, however, adware and malware which require the user to install although unwittingly most of the time thru sneaky links, etc.   


Anti Virus developers try to group all types as viruses into their ad campaigns of fear.  They do a poor job of the detecting and isolating the adware and malware.  Since there are no viruses these apps use up a lot of system resources searching for what is non-existent and adversely affect system and app performance.


There is one app, Malwarebytes, which was developed by a long time contributor to these forums and a highly respected member of the computer security community, that is designed solely to seek out adware and known malware and remove it.  The free version is more than adequate for most users.  


Unless you're using a true VPN tunnel, such as between you and your employer's, school's or bank's servers, they provide false security from a privacy standpoint.  Read these two articles: Public VPN's are anything but private and Former Malware Distributor Kape Technologies Now Owns a Number of Public VPNs and a Collection of VPN “Review” Websites.  


Just some additional food for thought.


Oct 29, 2023 11:46 AM in response to xtremevette

You cannot be assured that what TotalAV anti-virus is finding is real malware, or offering up valid sacrificial false positive files from the operating system or application internals that it misassociates and labels as malware. If you quarantine the wrong file, it could bring down the operating system or cause unexplainable misbehavior in valid applications or data. Windows targeting malware and real viruses do not run on Macs.


If you want to look for malware without whacking the operating system or applications, I would entirely remove TotalAV per the vendor's removal instructions, and use Malwarebytes for that purpose.

Oct 29, 2023 8:39 AM in response to xtremevette

Osascript is installed by all versions of macOS and is for running AppleScript or JavaScript for Automation scripts at the command line, or incorporating AppleScript into a shell script function.


No viruses can infect macOS Monterey, Ventura, or Sonoma because the operating system is on a code-signed, read-only volume. Even turning SIP off will not gain write access to this volume. Additional to that fact, is that Apple has taken proactive steps with the security design of the operating system and hardware as discussed in:


Apple Platform Security - Apple Support


This does not preclude the possibility of introducing other forms of malware into your Mac as baggage on software downloaded from anywhere other than the original developer's site. The free Malwarebytes for Mac is usually recommended here for malware detection and removal. We do not recommend installing any anti-virus software as it has proven over the years to be a source of complaints regarding application and operating system interference and performance loss. You Mac is not the screen door on a submarine that Windows has, and currently represents.




Oct 29, 2023 11:39 AM in response to Old Toad

Awesome thank you Viking. What would be your thoughts on that Keyloggin program I found when my system was under Catalina? It was using Microsoft Office. Do you think because Catalina was so old possibly a security breach or vulnerable area developed and that could be how it got on my machine? I am always pretty careful when downloading and installing programs. I honestly don't recall over the last 4 years since I have had my iMac ever installed anthing that wasn't legit. I always thought there were no viruses on the mac as well but while under Catalina TotalAV did detect and remove a Trojan Horse too (so it said). It said it was malware but I do remember highlighting one of these and it said "trojan horse". After removing all of these, I still was feeling weary about just upgrading my current system. I then decided to bite the bullet, wipe the drive and install the factory system which was Mojave at the time (2019). I then upgraded from that to a fresh copy to Ventura. I didn't go to Sonoma because Adobe says they are not yet supporting it and I use Adobe products.

What is osascript in my Automation tab in securities?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.