Description
[Bundlore](https://attack.mitre.org/software/S0482) is adware written for macOS that has been in use since at least 2015. Though categorized as adware, [Bundlore](https://attack.mitre.org/software/S0482) has many features associated with more traditional backdoors. (Citation: MacKeeper Bundlore Apr 2019)
Techniques Used by This Malware
- T1027 — Obfuscated Files or Information
- T1036.005 — Match Legitimate Resource Name or Location
- T1048 — Exfiltration Over Alternative Protocol
- T1056.002 — GUI Input Capture
- T1057 — Process Discovery
- T1059.002 — AppleScript
- T1059.004 — Unix Shell
- T1059.006 — Python
- T1059.007 — JavaScript
- T1071.001 — Web Protocols
- T1082 — System Information Discovery
- T1098.004 — SSH Authorized Keys
- T1105 — Ingress Tool Transfer
- T1140 — Deobfuscate/Decode Files or Information
- T1176.001 — Browser Extensions
- T1189 — Drive-by Compromise
- T1204.002 — Malicious File
- T1222.002 — Linux and Mac File and Directory Permissions Modification
- T1518 — Software Discovery
- T1543.001 — Launch Agent
- T1543.004 — Launch Daemon
- T1562.001 — Disable or Modify Tools
- T1564 — Hide Artifacts