Should OP invoke ngrok?
Sorry this may sound weird
I have CLI 2.24.0 installed.
Today on my machine Crowdstrike blocked a process and quarantined it
Looking into it it was a version of ngrok, which I have installed via homebrew.
Description: This file is classified as Adware/PUP based on its SHA256 hash.
Customer ID: XXXXXX
Host name: XXXXXX
File name: ngrok
File path: /opt/homebrew/Caskroom/ngrok/3.9.0,3N6KtVt2Euc,a/ngrok
Command line: ngrok --version
SHA 256: 134a4b69f53731b6fac0a60ee2c7eef9450b966dd51b895c10fc5705a4211a55
MD5 Hash data: fdfd63ad0cbcb0e6d8aa0d6131de00d5
Full detection details: https://falcon.eu-1.crowdstrike.com/activity/XXXXXX
Platform: Mac
IP address: XX.XX.XX.XX
User name: stephen.ball
Detected: May. 20, 2024 15:42:09 local time, (2024-05-20 14:42:09 UTC)
Last behavior: May. 20, 2024 15:42:09 local time, (2024-05-20 14:42:09 UTC)
Now, obviously this is nothing to do with 1password, but looking at the process breakdown it was launched by the 1password cli
I was indeed running aws-vault exec deploy -- op run --env-file=.env -- terraform plan at the time, so that explains why bash inside fish (fish is the shell I use, and knowing what aws-vault does it seems likely it launches bash)
what I don't understand is why op would be launching ngrok? I don't have it in my list of configured plugins
alias gh="op plugin run -- gh"
alias vault="op plugin run -- vault"
Thanks
1Password Version: 8.10.32
Extension Version: Not Provided
OS Version: macOS 14.5
Browser: Not Provided
