The mm-install-macos variant of the Bundlore family of macOS adware has circulated for many years in many variants and with many delivery methods. Recently, an alternative with a novel
installation method was discovered. Although most of the installation details were the same as or similar to those of the other samples analyzed, these new samples modified the sudoers file on the infected system to remove the password requirement for privilege escalation.
The malware also utilizes a form of obfuscation not observed before in this family, hiding compressed data in a resource fork on a downloaded script file.
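As an added defender-side example (not code from the original post), the following Python audits sudoers text for rules that drop the password prompt, covering both the NOPASSWD tag and the `Defaults !authenticate` form, and checks whether a file carries a resource fork; the sudoers sample used in the test is constructed.

```python
"""Audit sudoers for password-less escalation and files for resource forks.

Example code written for this summary; the sudoers paths are the standard
macOS ones, and the sample rules used for testing are constructed.
"""
import glob
import os
import re
import sys


def audit_sudoers(sudoers_text):
    """Return (reason, rule) pairs for rules that remove the password prompt.

    Joins backslash line continuations and strips '#' comments first, so
    the word NOPASSWD inside a comment is not reported. Two forms are
    flagged: a NOPASSWD tag on a user specification, and a Defaults line
    that disables authentication with '!authenticate'.
    """
    joined = re.sub(r"\\\n", " ", sudoers_text)
    findings = []
    for raw in joined.splitlines():
        line = raw.strip()
        if line.startswith(("#include", "@include")):
            continue  # include directives, not rules
        rule = " ".join(line.split("#", 1)[0].split())  # drop comment, squeeze spaces
        if not rule:
            continue
        if rule.startswith("Defaults"):
            if re.search(r"!\s*authenticate\b", rule):
                findings.append(("!authenticate", rule))
        elif re.search(r"\bNOPASSWD\b", rule):
            findings.append(("NOPASSWD", rule))
    return findings


def has_resource_fork(path):
    """True if the file has a non-empty resource fork (macOS only; False elsewhere).

    macOS exposes the fork as <path>/..namedfork/rsrc and as the
    com.apple.ResourceFork extended attribute; either is checked.
    """
    try:
        if os.path.getsize(os.path.join(path, "..namedfork", "rsrc")) > 0:
            return True
    except OSError:
        pass
    try:
        return "com.apple.ResourceFork" in os.listxattr(path)
    except (OSError, AttributeError):
        return False


if __name__ == "__main__":
    for sudoers_path in ["/etc/sudoers"] + glob.glob("/etc/sudoers.d/*"):
        try:
            with open(sudoers_path) as fh:
                for reason, rule in audit_sudoers(fh.read()):
                    print(f"{sudoers_path}: {reason}: {rule}")
        except OSError as err:
            print(f"{sudoers_path}: unreadable ({err})", file=sys.stderr)
    for target in sys.argv[1:]:  # script files to check for a resource fork
        print(f"{target}: resource fork = {has_resource_fork(target)}")
```

Run it as root to read the sudoers files, passing any downloaded script paths as arguments for the resource-fork check.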