Bundlore

Bundlore is a type of malware, specifically an adware, that targets macOS systems. It is known for displaying unwanted advertisements on infected computers and installing software products offered by affiliates. Bundlore, along with other malware tools such as BlueBlood, Callisto, JokerSpy, XCSSET, has been designed to manipulate the Transparency Consent and Control (TCC) framework, a security feature in macOS. This manipulation allows these malicious programs to gain access to sensitive user data and system resources. An increase in the prevalence of macOS Bundlore was observed in 2019, pointing towards its growing threat to macOS users. The operation of Bundlore involves several stages including command-and-control communication, privilege escalation, defense evasion, persistence, and advertisement delivery. In its most recent version, a component named WebTools bypasses macOS security measures, changes browser behavior, achieves persistence, and installs an ad delivery component. Interestingly, this component now consists of one application instead of multiple binaries and bash scripts, indicating the evolving sophistication of the malware. Bundlore also exhibits mechanisms to overcome macOS 10.14 protection mechanisms, further demonstrating its advanced capabilities. To protect against macOS Bundlore, it is recommended to use reliable anti-malware solutions. MacKeeper, for instance, has been shown to effectively remove macOS Bundlore components, excluding any SIP-protected files due to the nature of such protection. Indicators of compromise can be used for further research on macOS Bundlore. If a system is suspected to be infected with macOS Bundlore, immediate action should be taken to remove the adware and secure the system.