{ "name": "Malicious Appsuite PDF Editor Spreads Tamperedchef Malware", "slug": "malicious-appsuite-pdf-editor-spreads-tamperedchef-malware", "description": "A large cybercrime campaign has been observed involving multiple fraudulent websites promoted through Google advertising. The campaign aims to trick users into downloading and installing a trojanized PDF editor containing the TamperedChef information-stealing malware. The malware harvests sensitive data, including credentials and web cookies. The campaign began on June 26, 2025, with the PDF editor initially appearing harmless but later activating malicious capabilities. The threat actor used Google advertising to promote the PDF editor, with at least 5 different campaign IDs observed. The malware's activation occurred 56 days after the campaign's start, coinciding with a typical Google ad campaign duration. The threat actor has a history of distributing malicious code disguised as free utility tools, and this campaign has successfully affected several European organizations.", "published": "2025-08-28T11:34:18+00:00", "created_at": "2025-08-28T11:34:18+00:00", "modified_at": "2025-08-28T11:50:31+00:00", "created_at_opencti": "2025-08-28T11:34:18+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2025-08-28", "appsuite pdf editor", "credential-theft", "google advertising", "information stealer", "obfuscation", "tamperedchef", "trojanized software" ], "related_entities": { "observables": [ { "id": "", "name": "download04.pdfgj.com" }, { "id": "", "name": "download04.masterlifemastermind.net" }, { "id": "", "name": "download02.pdfgj.com" }, { "id": "", "name": "download02.apdft.online" }, { "id": "", "name": "transmitcdnzion.com" }, { "id": "", "name": "proonestarthub.com" }, { "id": "", "name": "proonestartpdf.com" }, { "id": "", "name": "pdfworker.com" }, { "id": "", "name": "pdfts.site" }, { "id": "", "name": "pdfsmartkit.com" }, { "id": "", "name": "pdfscraper.com" }, { "id": "", "name": "pdfonestarttoday.com" }, { "id": "", "name": "pdfonestartlive.com" }, { "id": "", "name": "pdfonestarthub.com" }, { "id": "", "name": "pdfhubspot.com" }, { "id": "", "name": "pdffilehub.net" }, { "id": "", "name": "pdfdoccentral.com" }, { "id": "", "name": "pdfappsuite.com" }, { "id": "", "name": "pdf-kiosk.net" }, { "id": "", "name": "onestartbrowser.com" }, { "id": "", "name": "mypdfonestart.com" }, { "id": "", "name": "micromacrotechbase.com" }, { "id": "", "name": "ltdpdf.net" }, { "id": "", "name": "ltdpdf.com" }, { "id": "", "name": "itpdf.net" }, { "id": "", "name": "getsmartpdf.com" }, { "id": "", "name": "fileconverterdownload.com" }, { "id": "", "name": "fastonestartpdf.com" }, { "id": "", "name": "easyonestartpdf.com" }, { "id": "", "name": "convertpdfplus.com" }, { "id": "", "name": "click4pdf.com" }, { "id": "", "name": "cdasynergy.net" }, { "id": "", "name": "apdft.net" }, { "id": "", "name": "advancedtransmitart.net" }, { "id": "", "name": "fc4d1107958f70bd553d824224fc74b3b5ad2365f3599bfda795e0b718f3c76a" }, { "id": "", "name": "f97c7edb0d8d9b65bf23df76412b6d2bbfbab6e3614e035789e4e1a30e40b7f1" }, { "id": "", "name": "f6e323d4741baf047445a13bb9587acfb79cc2b16737b91df18a8a9bf5b307f4" }, { "id": "", "name": "f4bc13b8b76656e4e4b7306d2dc6a5be4e19e752b015bcefbfdcc885a8bb122f" }, { "id": "", "name": "e6286f5f4c7cdde39c9300d1204ff504499c760bbffa56fc7e3830796537f71b" }, { "id": "", "name": "e08cc90e738e7e5f275d220b3914c2860a388e7ada67ed34fda1a01a23bf42bc" }, { "id": "", "name": "da3c6ec20a006ec4b289a90488f824f0f72098a2f5c2d3f37d7a2d4a83b344a0" }, { "id": "", "name": "d7315bbccff2899c1751c7f7e0e0b48d561366771699f48c90d9b448418856c2" }, { "id": "", "name": "cf5194e7f63de52903b5d61109fd0d898b73dd3a07512e151077fba23cdf4800" }, { "id": "", "name": "cebe0ce89e4622118371f60cd82a9d0a7659e0916edf522cacba6b308bded8de" }, { "id": "", "name": "ce0019424497040351c9054aa2ee6b07fc610024cc2cb2cc810de80f838c7a14" }, { "id": "", "name": "ce1a6009f013eafecbe13d72bee044c546654dad3805b7d2744d453e6544ecc8" }, { "id": "", "name": "bdb0e1f2582547fdc64a656a813b0e67f8819f96918050f6114b159d7ca7fd69" }, { "id": "", "name": "bd21360149904ce42c6927d9c3fb482316f2537a4a7bce8b64990428e27a54ac" }, { "id": "", "name": "b7f63771d24f07f5ce30f2a9f8895b815e47ab01a1e3c09322f55c16f140e041" }, { "id": "", "name": "b07ffbd8eed8dc989db1c58d84d3f8b9d57fb6a7b5f30af6d982e2bd4da0e696" }, { "id": "", "name": "aefab9c1959c5cb86fd656d9ea2148c584cae543ac203dd2ae4467a36382586a" }, { "id": "", "name": "ab376fbec6ca90c8cac2fd4ec92c564638bde0e6737a48f687b5367c51f49a0b" }, { "id": "", "name": "aaf6e40848b904e664cdfbefa1e42870c3e42387471a03361e4fd0781943a032" }, { "id": "", "name": "a3fc5447a9638a3469bab591d6f94ee2bc9c61fc12fd367317eec60f46955859" }, { "id": "", "name": "9fa4d8a68d6f231577d62d560d110a66fd3f311cc8dcb1b4b10a50632d03ad1d" }, { "id": "", "name": "9e3334afa4a951c7e6eacc2ce16637919eb113ac1ca5527ece7140ae1f364e76" }, { "id": "", "name": "9bbe83ec13fc6397ddb69c47a3266ae39b3204d68674b529170bc6b56bcbdfcc" }, { "id": "", "name": "987a94fbe252da32dfb83daeb52d5636bd61d4b88fb45e9a97b79df3c03edcb8" }, { "id": "", "name": "95176fc574f3d707e68965690826759260c5867e865b19a000bebb20a01a2e0a" }, { "id": "", "name": "8f1960939eee8d0689cc07613189f27054beff96e8740045de88fa1b6764b5b5" }, { "id": "", "name": "88450ae2c0c19d2a3a54e7b2c029998ed3daf68e78fbd664aea50c7ed582f544" }, { "id": "", "name": "7e0d909c934620140db7d53e2caefdd58866484cb049f876f8a8428e6334618a" }, { "id": "", "name": "76cf960146bf07ad8b459ceb401a35ed37c98cb4e84ace329595b5b0f3955d3a" }, { "id": "", "name": "6ec7acd0ff0980b88801d5eed7dfe69d6349f2044bd5e1768f6d1ed7f403e43e" }, { "id": "", "name": "6ec07c1d2dc566d59a7576cc4a89c605bcfc8abd414c77338c940fb8e3ed5f1a" }, { "id": "", "name": "6c6cde420ea1b48c2f070ae139a71294b3c4c6c768da4279e4fe3bd2a9ff1885" }, { "id": "", "name": "6aa61426d77da6674efdf6f7d139b4ccd9eebf4afb86831b79da0b8913ba89d8" }, { "id": "", "name": "69b373084e47cbb54a9003ae2435adb49f184bfa11989a2800700da22a153dff" }, { "id": "", "name": "5f52dc64c6d56287abcdd16d1e2a42db1a4bccc43263cbc259d881fc709242b9" }, { "id": "", "name": "5d3a41e2c6b854d12b70cea9000cafe1f3877bbccc51ca20f29da2e47f79a088" }, { "id": "", "name": "5cbd51bbd10008b92fe490a6fa87339dd3d0f57fce82d10dc4fa0566133ac94d" }, { "id": "", "name": "5c839e560530a7a4077baa16294cc9dc404f98a42c004f2013903543383af669" }, { "id": "", "name": "5c21b5d1eb58367cb1ac189d383a7f0eb1e8d00d6722712897eb2efdbc670d1d" }, { "id": "", "name": "5adc11546db45ab8e57f9bc2808b46898dc7eef179ccbf963552b694f0ec61b6" }, { "id": "", "name": "5964e5c15ea512ea3208109d7175e6b43c5f85a77de95f44d3dc81e1940f94e3" }, { "id": "", "name": "57c92ed1e87dda6091903e1360c065e594576e2125f5d45f159269b0bef47f32" }, { "id": "", "name": "5485bafd43f2f3865f18e74a14a00a433971cdc5b50c357bd0307179e0187e3d" }, { "id": "", "name": "458ef97817fa4537ff9a4b73844260e4a9951ec4e7e4b4d3c13240bb8675764b" }, { "id": "", "name": "42222692739edf910e1e25310923ddfbbea465a69b6d9e5ec01091c5aa0aee0f" }, { "id": "", "name": "3c702aa9c7e0f2e6557f3f4ac129afd2ad4cfa2b027d6f4a357c02d4185359c4" }, { "id": "", "name": "3b32696ebac176a898f277bb662099deebecf7216dae942e610dc8b7b3dd4c48" }, { "id": "", "name": "3a2b1f97a47e63d48f8955311f18664aa2c5e5a865ec6f43d8943b81eefd5a65" }, { "id": "", "name": "2fe2d16e51488337de25bb02c7ca4a06e2b7e3229cd2af9903db7c9efdf88e31" }, { "id": "", "name": "2f66690072dae1ca203e8c93330fccb8b5ccf8b8c9cce747250a11096d551794" }, { "id": "", "name": "2e4de114ad10967f1807f317f476290dc0045bdfa9395553d1b443ef9f905018" }, { "id": "", "name": "2e06a801c4bdfca8061c04dea3a43b0fd3b883b96f32dd901a076be786d466e6" }, { "id": "", "name": "2ce20ceb2aaa24de8d3d7714bf87cef90b9cc90a21234d0b7cc78f22d9d5d5c1" }, { "id": "", "name": "25d1fd2706c39edeb453a30fbca7561142978468d3e94efa0982504d60b06757" }, { "id": "", "name": "232006ef149a2dcc150d765a3b330317d5e62f21391c1f355fba4a833a9dd49f" }, { "id": "", "name": "2221b218ad03b615683941d11bd8085ca87b7b576bc5d1a6c720a0eb223d4405" }, { "id": "", "name": "189b0ba8c61740d5ad1c802649718958a86f5b7a8c8e795dc2e990909a9ab88a" }, { "id": "", "name": "14fb07941492c7f014435633a02bf14761d91d1df3023fa0dd4c3210e80554b7" }, { "id": "", "name": "13698b05960edbda52fa8f4836526f27e8fc519ca0f4a7bc776990568523113e" }, { "id": "", "name": "10640dcc67b3e2e4a6dbbfdb2fab981de4676d57f9f093af3cfb6f4f8351baf6" }, { "id": "", "name": "0faaec07a598784fc76caa5254307a01383b229397e271020f319be84c7b8bf9" }, { "id": "", "name": "0a15e90c062bf6137336beba0ec480af8f370ceaedca3e1ff76cd131f2e54927" }, { "id": "", "name": "031682d2f69322a68cd13d0e380cf149199b20755c6e08f4fb7b41d27a5378f0" } ], "malware": [ { "id": "legacy:malware:e771a43e34f1729d", "name": "TamperedChef", "slug": "tamperedchef" } ], "attack_patterns": [ { "id": "1e73eaa9-ea78-444b-b3a3-5842f5d35115", "name": "T1074" }, { "id": "5999052b-e9ae-49e8-9235-d9bf975c22af", "name": "T1547.001" }, { "id": "667462db-9031-48eb-893a-05d35f9330a7", "name": "T1056.001" }, { "id": "a72b6e11-a5d5-4f5a-8f0d-8861e90c34f7", "name": "T1555" }, { "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6", "name": "T1204.002" }, { "id": "97d377d8-89c7-48f8-a79f-0f48bd60df74", "name": "T1005" }, { "id": "29398669-98ed-4766-9dac-f9632f7175ff", "name": "T1518" }, { "id": "70616b2f-4019-4963-b758-5d9f6f20e201", "name": "T1082" }, { "id": "c473a756-355a-42ad-a0df-cd3a8fa006d1", "name": "T1057" }, { "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571", "name": "T1105" }, { "id": "45082a8e-9c79-470e-ad1b-decac7188e8f", "name": "T1083" }, { "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e", "name": "T1071" }, { "id": "870bd958-53a3-4d25-9f23-00aa8bd6674d", "name": "T1102" }, { "id": "c3af9fd7-d307-4df4-9220-cc627938fb85", "name": "T1055" }, { "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221", "name": "T1059" } ] }, "external_refs": [ "https://www.truesec.com/hub/blog/tamperedchef-the-bad-pdf-editor", "https://otx.alienvault.com/pulse/68b05ada69e45706752086fa" ] }