So far I've found five, while our AV has detected one. Manually searching through each, I ended up editing the above to include the following directories:
~/Library/Application Support/com.tasks.updater/
~/Library/Application Support/com.hello.tasker/
5 out of 2,400 Macs
Seen on 10.14.x-10.15.x
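An added example, not the EA script referenced in this thread: a Jamf extension attribute that checks every home folder under /Users for the two directories listed in the post above and reports Yes or No. The function names and the Yes/No wording are choices made for this example.

```shell
#!/bin/bash
# Added example: extension attribute sketch, not the script from this thread.
# Reports "Yes" when either directory named in the post exists in any home
# folder, "No" otherwise. Jamf reads the value between the <result> tags.

# find_suspect_dirs [users_root]
# Prints one line per suspect directory found; prints nothing on a clean Mac.
find_suspect_dirs() {
    users_root="${1:-/Users}"
    for home in "$users_root"/*; do
        # An unmatched glob or a stray file is not a home folder.
        if [ ! -d "$home" ]; then
            continue
        fi
        # Directory names taken from the post, relative to each home folder.
        for rel in "Library/Application Support/com.tasks.updater" \
                   "Library/Application Support/com.hello.tasker"; do
            if [ -d "$home/$rel" ]; then
                printf '%s\n' "$home/$rel"
            fi
        done
    done
    return 0
}

# ea_result [users_root]
# Wraps the scan in the <result> tags an extension attribute must print.
ea_result() {
    hits="$(find_suspect_dirs "$1")"
    if [ -n "$hits" ]; then
        echo "<result>Yes</result>"
    else
        echo "<result>No</result>"
    fi
}

# Scan the real home folder root when run as an extension attribute.
ea_result /Users
```

Running `find_suspect_dirs` on its own from a policy script lists the matching paths, which helps when confirming a hit by hand.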
It would probably be useful to know fleet size also. I currently have not seen any infections out of about 300 machines.
@maristchris Using a script to detect, I've seen zero. We also have SentinelOne so I don't know if that might have found something and dealt with it. I don't have access to that side of things to know.
Nothing here. About 150 Macs. Nothing in the McAfee EP either. Thanks for the scripts and EA above!
Hi @rbrinckmann I used your Modified EA and now it is showing my whole Computers numbers that are enrolled...
I think I have messed up something.. I tried to use the earlier EA @ncworster mentioned and it is still showing numbers of all enrolled machines. Any advice?
@agakhan_admin
How is your Smart Group setup?
Try:
name of your Extension Attribute
Operator: Like
Value: Yes
@atomczynski Thank you, Value was missing. I put it.
Further, now there were 2 MacBooks that were detected earlier with the suspect files, the count it detected is "0" now. They are gone, not sure how. Any idea?