[Bug]: macOS 15.0 Beta "Malware Blocked and Moved to Trash" #191

Open
themacintoshnerd opened this issue Jun 19, 2024 · 14 comments
Labels: bug (Something isn't working), triage (Waiting for this issue to be triaged)

@themacintoshnerd

Describe the Bug

Bug Description
macOS 15 now seems to block anything it considers malware despite having disabled Gatekeeper. This has resulted in Swiftcord now being completely unusable on 15 for me.

JUST TO BE CLEAR I HAVE DISABLED GATEKEEPER AND RIGHT CLICKED TO OPEN THE PROGRAM.

Actual Behaviour
Unable to open program and macOS deems it to contain malware
Expected Behavior
program should have opened.

Reproducing the Bug

1. Download the program from releases
2. Run
3. Get error.

Version

0.7.1

Category

Message history

Relevant Log Output

No response

Screenshots

Screenshot 2024-06-19 at 8 31 18 AM

Additional Info

No response

themacintoshnerd added the bug and triage labels Jun 19, 2024
@themacintoshnerd
Author

Screenshot 2024-06-19 at 8 43 45 AM

@jean-voila

I think you just have to wait a bit before it's fully supported on macOS 15.0 ⬇️
image
😉

@themacintoshnerd
Author

That's just for Homebrew, not the app itself I installed from GitHub releases.

@hehongbo

Also broken on 14.5 release, not only beta.

image

Already ripped com.apple.quarantine from the bundle and it doesn't work, still getting SIGKILL.

image

@LetrixZ

LetrixZ commented Jul 1, 2024

image
-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Process:               Swiftcord [66420]
Path:                  /Applications/Swiftcord.app/Contents/MacOS/Swiftcord
Identifier:            io.cryptoalgo.swiftcord
Version:               0.7.1 (18)
Code Type:             ARM-64 (Native)
Parent Process:        launchd [1]
User ID:               501

Date/Time:             2024-07-01 18:22:37.8659 -0300
OS Version:            macOS 14.5 (23F79)
Report Version:        12
Anonymous UUID:        F491DD77-5492-902F-A6D5-C93BB0C436A9

Sleep/Wake UUID:       DA4F983E-D876-4EBC-9B87-639BA899BE67

Time Awake Since Boot: 150000 seconds
Time Since Wake:       8632 seconds

System Integrity Protection: enabled

Crashed Thread:        0

Exception Type:        EXC_CRASH (SIGABRT)
Exception Codes:       0x0000000000000000, 0x0000000000000000

Termination Reason:    Namespace DYLD, Code 1 Library missing
Library not loaded: @rpath/Lottie.framework/Versions/A/Lottie
Referenced from: <611733EE-B23B-3D64-81EE-BE754964901D> /Applications/Swiftcord.app/Contents/MacOS/Swiftcord
Reason: tried: '/Applications/Swiftcord.app/Contents/Frameworks/Lottie.framework/Versions/A/Lottie' (code signature invalid in <7E215E08-B887-3801-B9C2-F7C77C5FF70C> '/Applications/Swiftcord.app/Contents/Frameworks/Lottie.framework/Versions/A/Lottie' (errno=1) sliceOffset=0x00234000, codeBlobOffset=0x002090A0, codeBlobSize=0x0000B2E0), '/Applications/Swiftcord.app/Contents/Frameworks/Lottie.framework/Versions/A/Lottie' (code signature invalid in <7E215E08-B887-3801-B9C2-F7C77C5FF70C> '/Applications/Swiftcord.app/Contents/Frameworks/Lottie.framework/Versions/A/Lottie' (errno=1) sliceOffset=0x00234000, codeBlobOffset=0x002090A0, codeBlobSize=0x0000B2E0)
(terminated at launch; ignore backtrace)

Thread 0 Crashed:
0   dyld                          	       0x19fdc1a50 __abort_with_payload + 8
1   dyld                          	       0x19fdcc628 abort_with_payload_wrapper_internal + 104
2   dyld                          	       0x19fdcc65c abort_with_payload + 16
3   dyld                          	       0x19fd5e6b0 dyld4::halt(char const*, dyld4::StructuredError const*) + 304
4   dyld                          	       0x19fd5b258 dyld4::prepare(dyld4::APIs&, dyld3::MachOAnalyzer const*) + 3888
5   dyld                          	       0x19fd59edc start + 1844


Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x0000000000000006   x1: 0x0000000000000001   x2: 0x000000016d4fe2a0   x3: 0x0000000000000073
    x4: 0x000000016d4fdea0   x5: 0x0000000000000000   x6: 0x0000000000000000   x7: 0x0000000000000000
    x8: 0x0000000000000020   x9: 0x000000016d4fde0b  x10: 0x000000000000000a  x11: 0x0000000000000000
   x12: 0x0000000000000036  x13: 0x1000000000000000  x14: 0x0000000000000004  x15: 0x0000000000008000
   x16: 0x0000000000000209  x17: 0x000000019fd5737c  x18: 0x0000000000000000  x19: 0x0000000000000000
   x20: 0x000000016d4fdea0  x21: 0x0000000000000073  x22: 0x000000016d4fe2a0  x23: 0x0000000000000001
   x24: 0x0000000000000006  x25: 0x0000000000000001  x26: 0x000000016d4fec18  x27: 0x0000000000000101
   x28: 0x000000016d4fecd8   fp: 0x000000016d4fde70   lr: 0x000000019fdcc628
    sp: 0x000000016d4fde30   pc: 0x000000019fdc1a50 cpsr: 0x80001000
   far: 0x0000000000000000  esr: 0x56000080  Address size fault

Binary Images:
       0x102900000 -        0x102ebbfff io.cryptoalgo.swiftcord (0.7.1) <611733ee-b23b-3d64-81ee-be754964901d> /Applications/Swiftcord.app/Contents/MacOS/Swiftcord
       0x19fd54000 -        0x19fddca17 dyld (*) <37bbc384-0755-31c7-a808-0ed49e44dd8e> /usr/lib/dyld
               0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???

External Modification Summary:
  Calls made by other processes targeting this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by this process:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0
  Calls made by all processes on this machine:
    task_for_pid: 0
    thread_create: 0
    thread_set_state: 0

VM Region Summary:
ReadOnly portion of Libraries: Total=548.8M resident=0K(0%) swapped_out_or_unallocated=548.8M(100%)
Writable regions: Total=12.5M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=12.5M(100%)

                                VIRTUAL   REGION 
REGION TYPE                        SIZE    COUNT (non-coalesced) 
===========                     =======  ======= 
STACK GUARD                       56.0M        1 
Stack                             8176K        1 
VM_ALLOCATE                         16K        1 
__DATA                             571K        3 
__DATA_CONST                       247K        2 
__DATA_DIRTY                         7K        1 
__LINKEDIT                       542.5M        2 
__TEXT                            6420K        2 
dyld private memory               4384K        4 
===========                     =======  ======= 
TOTAL                            617.9M       17 



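The translated report above labels the termination "Library missing", yet its dyld reason line shows the Lottie binary was found and rejected for an invalid code signature. The following is an added triage example, not code from the Swiftcord project or from any commenter; the function names and cause labels are illustrative assumptions, and the sample is abridged from that report.

```python
import re

# Values copied from the translated report above; the report is abridged.
LOTTIE = "/Applications/Swiftcord.app/Contents/Frameworks/Lottie.framework/Versions/A/Lottie"
DETAIL = ("(code signature invalid in <7E215E08-B887-3801-B9C2-F7C77C5FF70C> "
          f"'{LOTTIE}' (errno=1) sliceOffset=0x00234000, "
          "codeBlobOffset=0x002090A0, codeBlobSize=0x0000B2E0)")
SAMPLE_REPORT = "\n".join([
    "Termination Reason:    Namespace DYLD, Code 1 Library missing",
    "Library not loaded: @rpath/Lottie.framework/Versions/A/Lottie",
    f"Reason: tried: '{LOTTIE}' {DETAIL}, '{LOTTIE}' {DETAIL}",
    "(terminated at launch; ignore backtrace)",
])


def split_attempts(tried):
    """Split dyld's "tried:" list into (path, detail) pairs."""
    # A detail can itself hold quotes and parentheses, so track nesting depth.
    attempts, i = [], 0
    while (start := tried.find("'", i)) >= 0:
        end = tried.find("'", start + 1)
        if end < 0:
            break  # truncated line: unterminated path
        path, detail, i = tried[start + 1:end], "", end + 1
        if tried[i:].lstrip().startswith("("):
            open_at = j = tried.index("(", i)
            depth = 0
            while j < len(tried):
                depth += {"(": 1, ")": -1}.get(tried[j], 0)
                if depth == 0:
                    break
                j += 1
            detail, i = tried[open_at + 1:j], j + 1
        attempts.append((path, detail))
    return attempts


def triage(report):
    """Return the cause behind a DYLD launch termination, or None if not one."""
    term = re.search(r"^Termination Reason:[ \t]*Namespace (\w+), Code \d+[ \t]*(.*)$", report, re.M)
    lib = re.search(r"^Library not loaded:[ \t]*(.+)$", report, re.M)
    if not term or term.group(1) != "DYLD" or not lib:
        return None
    tried = re.search(r"^Reason: tried:[ \t]*(.+)$", report, re.M)
    causes = {}
    for path, detail in split_attempts(tried.group(1) if tried else ""):
        if "code signature invalid" in detail:
            causes[path] = "signature-invalid"  # found on disk, signature rejected
        elif "no such file" in detail:  # dyld's wording for an absent path
            causes.setdefault(path, "not-found")
        else:
            causes.setdefault(path, "other")
    return {"indicator": term.group(2).strip(), "library": lib.group(1).strip(),
            "causes": causes, "signature_problem": "signature-invalid" in causes.values()}


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

A `signature_problem` of true alongside the "Library missing" indicator means the bundle is complete and the nested framework's signature is what needs inspecting.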

@faimin

faimin commented Jul 27, 2024

my workaround:

codesign --force --deep --sign - /Applications/Swiftcord.app

@ThunderRuler

> my workaround:
>
> codesign --force --deep --sign - /Applications/Swiftcord.app

Worked for me to get the app open, but after signing in using QR code and username + password it’s stuck on signing in and crashes or stalls after 10-12 seconds.

@ShikiSuen

ShikiSuen commented Aug 3, 2024

As of macOS 14.5 there is absolutely no method to let the following precompiled executable run on other computers without being signed:

https://github.com/SwiftcordApp/Swiftcord/releases/tag/v0.7.1

My conclusion is that this binary is hard-blacklisted by Apple.

I suggest that those who want to use this app compile it from the source code. I have tried Xcode 15.3 and it works well.

@justkorudev

justkorudev commented Aug 8, 2024

> I have tried Xcode 15.3 and it works well.

For me it just fails to log in, even when compiling source code.

@ShikiSuen

@justkorudev Same issue.

What I addressed above only deals with the Gatekeeper issue.

@TheElectroclassics

I'm having the same issues :(

@chucker

chucker commented Sep 26, 2024

> my workaround:
>
> codesign --force --deep --sign - /Applications/Swiftcord.app

Note: as of macOS 15.1 Beta (24B5046f), the error will then change to:

> Apple could not verify “Swiftcord.app” is free of malware that may harm your Mac or compromise your privacy.

To work around that, you need to open System Settings, head to Privacy & Security, scroll down, and confirm there (Swiftcord should be mentioned somewhere).

For me, logging in worked (I used the QR code from the iOS app).

@darkhelmet1597

Yeah, so this appears to be an actual XProtect detection and not a code signing or blacklist issue. I suspect the currently available build and/or repo may have been compromised.

Dev, you should probably scan your Mac. At some point you may have pulled in an infected repo, and the behavior with those infections is generally an attempt to infect other projects on the machine.

@cryptoAlgorithm
Member

@darkhelmet1597 Hmm, I am quite certain that is not the case. I suspect that the app was flagged and added to the XProtect rules due to a high number of users bypassing the non-developer account signed warning when the ad-hoc cert used to sign that version expired. I've heard of others having this happen to their ad-hoc signed apps too.

I can confirm this because rebuilding the same copy of the codebase on the Mac used to build the bundle attached with the release yields a bundle that is not flagged by XProtect but is otherwise identical. This shouldn't be the case if my copy of the source is contaminated.

Additionally, due to Discord's breaking Gateway API changes, the majority of accounts will fail to log in/cause a crash on this version (even after bypassing the XProtect action which I do not recommend), as some of you might have already experienced. In view of my limited (open source) development time, I apologize that I cannot offer further support, for significant breaking changes like these, for older versions of Swiftcord.

However, I am focusing my efforts on the next version of Swiftcord, rewritten from the ground up to not only be more robust against API changes like these but also be even more performant - take a look at #189 for more!
