Backdoor in "AppSuite PDF Editor": A Detailed Technical Analysis
Essential information
- Published
- 28/08/2025 18:26
- Modified
- 28/08/2025 19:15
- Tags
- 2025-08-28 aes encryption appsuite appsuite pdf editor backdoor browser manipulation command and control data exfiltration pdf editor scheduled tasks trojan
- Related entities
- 9 observables, 16 techniques (mitre), 1 malware
Description
A detailed analysis of a malicious PDF editor application called AppSuite PDF Editor reveals it to be a sophisticated backdoor. The software, masquerading as a legitimate productivity tool, is distributed through high-ranking websites. Once installed, it creates scheduled tasks and establishes persistence mechanisms. The backdoor communicates with command and control servers, allowing threat actors to execute arbitrary commands, exfiltrate data, and manipulate browser settings. It specifically targets Chromium-based browsers and other applications like Wave browser, Shift browser, and OneLaunch. The malware employs advanced techniques such as AES encryption, custom obfuscation, and event logging to evade detection. The analysis concludes that AppSuite PDF Editor is definitively malicious and should be classified as a trojan horse with backdoor capabilities.
External references
- https://www.gdatasoftware.com/blog/2025/08/38257-appsuite-pdf-editor-backdoor-analysis
- https://www.gdatasoftware.com/fileadmin/_processed_/2/0/G_DATA_Blog_AppSuitePDF_Backdoor_EN_Title_02af542728.jpg
- https://feeds.feedblitz.com/~/923960972/0/gdatasecurityblog-en~AppSuite-PDF-Editor-Backdoor-A-Detailed-Technical-Analysis
- https://otx.alienvault.com/pulse/68b09f3c74e054a6720fdf73