
TamperedChef infostealer delivered via fraudulent AppSuite PDF Editor sites

Malware Activity
Happening score: 33
1 unique source, 1 article

Summary


The TamperedChef infostealer was distributed through fraudulent AppSuite PDF Editor websites and later activated by an update that enabled credential and web cookie theft. The operation used Google ads and more than 50 domains; it started on June 26 and delayed activation until August 21, 2025. The malware's behavior expanded from a benign-looking installer to active data theft, increasing risk for users who downloaded the fake PDF editor.

Related Happenings

Adobe Reader zero-day exploited via malicious PDFs security flaw

Vulnerability
First: 09.04.2026 12:22 Last: 09.04.2026 12:22 Sources 1

About this happening: **Adobe Reader** is facing an **actively exploited zero-day** delivered through **malicious PDF documents** and observed since at least **December**. The flaw works on the **lates...

Latest development: 13.04.2026 18:37

Adobe released an emergency security update for Acrobat Reader to fix CVE-2026-34621 after zero-day exploitation in malicious PDF files. The bulletin says Acrobat DC versions 26.001.21367 and earlier, Acrobat Reader DC versions 26.001.21367 and earlier, and Acrobat 2024 versions 24.001.30356 and earlier are affected, and Adobe recommends updating through Help > Check for Updates or the official installer.

SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases

Malware Activity
First: 03.04.2026 12:10 Last: 03.04.2026 12:10 Sources 1

About this happening: The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...

TamperedChef malvertising campaign distributing backdoor malware through trojanized PDFs

Campaign
First: 16.01.2026 14:05 Last: 16.01.2026 14:05 Sources 1

How related: The researchers discovered that the malware was delivered through multiple websites that promoted a free tool called AppSuite PDF Editor.

About this happening: The **TamperedChef** campaign is a **malvertising** operation that used **Google ads** and **more than 50 domains** to push a fake **AppSuite PDF Editor** and deliver the **Tamper...

Malicious NuGet supply-chain campaign targeting crypto tools and Google Ads OAuth

Campaign
First: 22.12.2025 18:28 Last: 22.12.2025 18:28 Sources 1

About this happening: **14 malicious NuGet packages** were published to impersonate crypto tooling and **redirect funds or steal private keys, seed phrases, and Google Ads OAuth data**, creating a supp...

TamperedChef global malvertising campaign

Campaign
First: 20.11.2025 06:06 Last: 20.11.2025 06:06 Sources 1

About this happening: The **TamperedChef** campaign is actively using **bogus installers** and **malvertising** to deliver malware, putting users searching for software downloads or product manuals at...

Timeline

  1. 30.08.2025 19:22 1 article · 9mo ago

    VirusTotal verifies malicious AppSuite PDF Editor installer

    Detection IoC Update

    The malicious AppSuite PDF Editor installer was verified through VirusTotal on May 15, indicating the file was already being identified as suspicious before the broader campaign activated its payload.

  2. 30.08.2025 19:22 2 articles · 9mo ago

    Fake AppSuite PDF Editor campaign begins on June 26

    Campaign Scope Update

    Internet records show the campaign began on June 26, when many of the involved websites were registered or started advertising AppSuite PDF Editor, marking the start of the wider distribution effort.

  3. 30.08.2025 19:22 1 article · 9mo ago

    AppSuite PDF Editor update activates TamperedChef credential theft

    Technical Analysis Update

    On August 21, AppSuite PDF Editor received an update that turned on malicious capabilities in TamperedChef, including collection of credentials and web cookies, with delivery using the -fullupdate argument and browser database access through DPAPI.

  4. 30.08.2025 19:22 1 article · 9mo ago

    Google ads push fake AppSuite PDF Editor across more than 50 domains

    Initial Disclosure

    A broader campaign used Google ads and multiple websites to distribute a convincing AppSuite PDF Editor that delivered TamperedChef, with more than 50 domains hosting deceptive apps signed by fraudulent certificates from at least four companies.
