
Malicious Appsuite PDF Editor Spreads Tamperedchef Malware

Published 28/08/2025 13:34 · Modified 28/08/2025 13:50


Essential information

Tags
2025-08-28 appsuite pdf editor credential-theft google advertising information stealer obfuscation tamperedchef trojanized software
Related entities
97 observables, 15 techniques (mitre), 1 malware

Description

A large cybercrime campaign has been observed involving multiple fraudulent websites promoted through Google advertising. The campaign aims to trick users into downloading and installing a trojanized PDF editor containing the Tamperedchef information-stealing malware. The malware harvests sensitive data, including credentials and web cookies. The campaign began on June 26, 2025, with the PDF editor initially appearing harmless but later activating malicious capabilities. The threat actor used Google advertising to promote the PDF editor, with at least 5 different campaign IDs observed. The malware's activation occurred 56 days after the campaign's start, coinciding with a typical Google ad campaign duration. The threat actor has a history of distributing malicious code disguised as free utility tools, and this campaign has successfully affected several European organizations.

External references