How to remove MacOS Bundlore from Mac?
I wanted to play a rogue-like dungeon crawler on my phone, but I wanted something fast and engaging like an arcade runner or flyer. From these desires Swipey Rogue was born! While the target platform is definitely mobile devices, I intend to make PC/Mac/Linux builds as well. This tool can easily be installed on Mac OS X using Homebrew. Hping is another free command-line tool derived from ping. It is available on Mac OS X as well as most Unix-like operating systems and Windows. Although it is no longer in active development, it is still in widespread use, a testament to how good a tool it is.
What is MacOS Bundlore?
MacOS Bundlore (also known as Crossrider) or is a family of deceptive software installers that allow criminals to proliferate ('bundle') adware-type applications (such as CinemaPlusPro, FlashMall, MyShopcoupon, etc.) together with regular apps. Adware-type apps typically offer 'useful features' and most may seem legitimate. After infiltration, however, these programs deliver intrusive advertisements and gather sensitive information.
Adware-type apps deliver intrusive advertisements using tools that enable placement of third party graphical content on any site. Therefore, coupons, banners, pop-ups, and other ads that often conceal underlying content, thereby significantly diminishing the browsing experience. Furthermore, they can lead to malicious websites and execute scripts that download and install malware. Even a single click can result in high-risk computer infections. As mentioned, adware-type apps also collect user-system information. Internet Protocol (IP) addresses, queries entered into search engines, URLs of visited pages and other information that may include personal details. It is common that those details are shared with third parties (potentially, cyber criminals). Third parties misuse shared information to generate revenue. Research shows that apps from Bundlore family target details such as a unique identifier for the computer, user name, macOS version, Safari and Chrome version, list of entries in the Applications folder, list of installed agents and daemons, list of installed system configuration profiles and/or version of the installed antivirus software or other security software that is designed to remove malware. Also, apps from this family often get installed as browser extensions and collect data that is displayed on websites or is entered into forms on a websites. It is possible that those apps may be capable of accessing sensitive data, such as usernames, passwords, and credit card numbers. Therefore, having. In doing so, potentially unwanted applications (PUAs) attempt to give the impression of legitimacy, however, their only purpose is to generate revenue for the developers. Rather than giving any real value for regular users, PUAs deliver intrusive advertisements and gather sensitive information, thereby posing a direct threat to your privacy and Internet browsing safety.
How did potentially unwanted programs install on my computer?
As mentioned, MacOS Bundlore's installers 'bundle' adware. Therefore, due to the lack of knowledge and careless behavior of many users, potentially unwanted applications often infiltrate systems without consent. Developers do not disclose PUA installations properly. Therefore, adware-type apps are often concealed within various sections (e.g., 'Custom/Advanced' settings) of the download or installation processes. Furthermore, many users are likely to rush these procedures and skip steps, thereby exposing systems to risk of various infections and putting users' privacy at risk.
How to avoid installation of potentially unwanted applications?
The key to computer safety is caution. Therefore, to prevent system infiltration by potentially unwanted applications, be very cautious when downloading/installing software and browsing the Internet. Select 'Custom/Advanced' settings and carefully analyze each window of the download/installation dialogs. Opt-out of all additionally-included programs and decline offers to download/install them. We advise you to download software from official sources only, using direct download links. Unofficial downloaders/installers should never be used, since developers monetize them by promoting ('bundling') PUAs. As well as using the 'bundling' method, adware developers often proliferate these programs using intrusive advertisements. Developers invest many resources into intrusive ad design, thereby making them seem legitimate, however, the ads often lead to dubious websites (gambling, adult dating, pornography, and so on). If you encounter these ads, immediately eliminate all dubious applications and browser plug-ins. If your computer is already infected with PUPs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Most commonly adware from 'Bundlore' family install via fake Adobe Flash Player updaters:
List of .plist files modified by MacOS Bundlore virus:
- ~/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.Extensions.plist
- ~/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari.plist
- ~/Library/Preferences/com.apple.Safari.SandboxBroker.plist
- ~/Library/Preferences/com.google.Chrome.plist
- ~/Library/Safari/Bookmarks.plist
- ~/Library/Safari/Extensions/Extensions.plist
List of domains related to MacOS Bundlore virus:
- cdn.macmymacupdater[.]com
- cdn.mycouponsmartmac[.]com
- cdn.myshopcouponmac[.]com
- events.blitzbarbara[.]win
- events.macinstallerinfo[.]com
- events.mycouponsmartmac[.]com
- events.ponystudent[.]com
- otcct.beforeoctavia[.]site
- secure.mycouponsmartmac[.]com
- service.ezsoftwareupdater[.]com
- service.macinstallerinfo[.]com
- software.macsoftwareserver05[.]com
List of adware-type applications relating to MacOS Bundlore virus:
| BestSmart Shoppers | BestWebShoppers |
| CoolShopper | Couponizer |
| Easy-Shopper | EasyShopper |
| FlashMall | HotShoppy |
| LiveShoppers | MyCouponize |
| MyShopBot | MyShopcoupon |
| MyShopMate | ShopTool |
| Shopperify | Shoppinizer |
| Smart-Shoppy | SmartShoppy |
| SurfBuyer | SurfMate |
| WebShoppers | WebShoppy |
Update September 13, 2019 - Cyber criminals have updated MacOS Bundlore a number of times since it first release and, thus, its behavior has changed. First of all, MacOS Bundlore uses a different technique to manipulate web browsers' search settings. In the past, MacOS Bundlore was using malicious browser extensions. Since MacOS 10.13 release, however, MacOS Bundlore achieves this by creating new device profiles, because the previous method is no longer working due to newly-added MacOS security features. Now it is worth mentioning that MacOS Bundlore performs a chain of actions to inject rogue applications into the system. Initially, a bash script ('Install.sh') connects to a remote server and downloads an archive containing an app named 'mm-install-macOS'. Once executed, this app connects to a remote server and downloads/executes scripts necessary to install unwanted applications. Now it is worth mentioning that password of the user is necessary for MacOS Bundlore to communicate with the system. In order to extract the password, MacOS Bundlore prompts a pop-up window pretending to be MacOS and asks user to enter the password. Once entered, the password is saved and used for further actions. MacOS Bundlore consists of three main components: 1) MyMacUpdater (responsible for communication with Command & Control (C&C) server in order to keep the infection up-to-date); 2) WebTools (responsible for bypassing MacOS security, changes of browsers' behavior, persistence achievement, and installation of ad-delivering tools), and; 3) ad-delivering tool which injects JavaScript into browsers by using AppleScript.
Update June 29, 2020 - MacOS Bundlore has been updated in order to target the newest version of the Safari browser. Since Safari 13 is longer compatible with the old Safari Extension format (.safariextz), developers of both legitimate and questionable software have been pushed to update their products in accordance. These changes in formatting have not escaped the notice of MacOS Bundlore developers. Several new installers have been released containing payloads compatible with the new Safari App Extension format (.appex).
IMPORTANT NOTE! As mentioned above, MacOS Bundlore uses device profiles to alter web browsers' behavior. Therefore, before taking any further removal steps, perform these actions:
1) Click the 'Preferences' icon in the menu bar and select 'Profiles'
2) Select the 'AdminPrefs' profile and delete it.
3) Perform a full system scan with Combo Cleaner anti-virus suite.
After performing these actions, you can proceed with further removal steps for this browser hijacker.
Instant automatic Mac malware removal:Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for MacBy downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited three days free trial available.
Quick menu:
- STEP 1. Remove PUP related files and folders from OSX.
- STEP 2. Remove rogue extensions from Safari.
- STEP 3. Remove rogue add-ons from Google Chrome.
- STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.
Video showing how to remove adware and browser hijackers from a Mac computer:
Potentially unwanted programs removal:
Remove PUP-related potentially unwanted applications from your 'Applications' folder:
Click the Finder icon. In the Finder window, select 'Applications'. In the applications folder, look for 'MPlayerX','NicePlayer', or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Combo Cleaner checks if your computer is infected with malware. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited three days free trial available. Adobe reader update version 11 0 3 37.
Remove macos bundlore (crossrider) adware related files and folders:
Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder..
Check for adware-generated files in the /Library/LaunchAgents folder:
In the Go to Folder.. bar, type: /Library/LaunchAgents Musiclab reallpc v4 0 1 7387.
In the 'LaunchAgents' folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - 'installmac.AppRemoval.plist', 'myppes.download.plist', 'mykotlerino.ltvbit.plist', 'kuklorest.update.plist', etc. Adware commonly installs several files with the same string.
Check for adware generated files in the /Library/Application Support folder:
In the Go to Folder.. bar, type: /Library/Application Support
In the 'Application Support' folder, look for any recently-added suspicious folders. For example, 'MplayerX' or 'NicePlayer', and move these folders to the Trash. Spanish 21 card counting.
Check for adware-generated files in the ~/Library/LaunchAgents folder:
Www nordicbet com.
In the Go to Folder bar, type: ~/Library/LaunchAgents
In the 'LaunchAgents' folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - 'installmac.AppRemoval.plist', 'myppes.download.plist', 'mykotlerino.ltvbit.plist', 'kuklorest.update.plist', etc. Adware commonly installs several files with the same string.
Check for adware-generated files in the /Library/LaunchDaemons folder:
In the Go to Folder.. bar, type: /Library/LaunchDaemons
In the 'LaunchDaemons' folder, look for recently-added suspicious files. For example 'com.aoudad.net-preferences.plist', 'com.myppes.net-preferences.plist', 'com.kuklorest.net-preferences.plist', 'com.avickUpd.plist', etc., and move them to the Trash.
Scan your Mac with Combo Cleaner:
If you have followed all the steps in the correct order you Mac should be clean of infections. To be sure your system is not infected run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file double click combocleaner.dmg installer, in the opened window drag and drop Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates it's virus definition database and click 'Start Combo Scan' button.
Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays 'no threats found' - this means that you can continue with the removal guide, otherwise it's recommended to remove any found infections before continuing.
After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.
MacOS Bundlore (Crossrider) adware removal from Internet browsers:
Remove malicious extensions from Safari:
Swipey Rogue Mac Os Update
Remove macos bundlore (crossrider) adware related Safari extensions:
Open Safari browser, from the menu bar, select 'Safari' and click 'Preferences..'.
In the preferences window, select 'Extensions' and look for any recently-installed suspicious extensions. When located, click the 'Uninstall' button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for normal browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.
Swipey Rogue Mac Os X
Remove malicious plug-ins from Mozilla Firefox:
Swipey Rogue Mac Os Catalina
Remove macos bundlore (crossrider) adware related Mozilla Firefox add-ons:
Open your Mozilla Firefox browser. At the top right corner of the screen, click the 'Open Menu' (three horizontal lines) button. From the opened menu, choose 'Add-ons'.
Choose the 'Extensions' tab and look for any recently-installed suspicious add-ons. When located, click the 'Remove' button next to it/them. Note that you can safely uninstall all extensions from your Mozilla Firefox browser - none are crucial for normal browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.
Remove malicious extensions from Google Chrome:
Remove macos bundlore (crossrider) adware related Google Chrome add-ons:
Open Google Chrome and click the 'Chrome menu' (three horizontal lines) button located in the top-right corner of the browser window. From the drop-down menu, choose 'More Tools' and select 'Extensions'.
In the 'Extensions' window, look for any recently-installed suspicious add-ons. When located, click the 'Trash' button next to it/them. Note that you can safely uninstall all extensions from your Google Chrome browser - none are crucial for normal browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.
