Potentially unwanted applications, bundleware and browser extensions can render MacOS devices vulnerable to data breaches and cybercrimes.

Contrary to popular belief, cybercriminals do target MacOS computers and systems, but most people do not take these threats seriously enough. With cross-platform browsers running on Macs, the attack surface is no longer confined to the operating system.

For example, “potentially unwanted applications” (PUAs) are available on the Mac platform. This software comes with an installer that secretly drops multiple unwanted applications under the guise of installing one legitimate application.

This was highlighted recently by a SophosLabs report that described an aggressive sample of what Sophos refers to as “bundleware”: in this case, Bundlore, a PUA carrying a total of seven dangerous apps targeting MacOS Catalina. These include three that target the Safari web browser to inject ads, hijack download links, and redirect search queries for the purpose of stealing users’ clicks to generate income.

PUAs are among the most common privacy and security threats to MacOS, according to Sophos. Since they can potentially steal personal data and act as a pathway for malvertising and other malware, antivirus and endpoint protection products block PUAs as a rule.

Bundlore is one of the most common “bundleware” installers for the macOS platform—it accounts for nearly 7% of all attacks against the MacOS platform detected by Sophos, making it the second most common “badware” threat affecting MacOS, although Genieo still ranks first.

On the Windows platform, Bundlore is also a common threat, primarily carrying extensions for Google Chrome—and some of the code used to target Chrome is shared with the MacOS-targeting versions of the adware.

What makes the recent MacOS samples in the report stand out from previous Bundlore versions is the way that they have been updated to keep up with the recent changes in MacOS and Safari—in particular, Apple’s changes in the format for Safari browser extensions.

Given that PUAs are the top non-Windows threats, Xinran Wu, senior threat researcher at Sophos, commented about Bundlore: “Potentially unwanted applications like Bundlore adware are the most common security threat to MacOS users. These PUAs go beyond just injecting ads into websites, they’re redirecting where a user’s browser searches are sent for the purpose of stealing clicks for money and even changing links for software downloads. Users should exercise caution when downloading software from unknown sources and stay alert when an unfamiliar app tries to install browser extensions.”