ManualFinderApp.exe infostealer and backdoor activity
Malware Activity
Summary
The ManualFinderApp.exe payload is being used as an infostealer/backdoor that harvests browser-stored data and opens C2 exfiltration paths, increasing credential-theft and remote-access risk on infected systems.
Related Happenings
Medusa ransomware post-compromise deployment
Malware Activity
First: 07.04.2026 09:35
Last: 07.04.2026 09:35
Sources 1
About this happening:
**Medusa ransomware** is being deployed rapidly after initial access, turning intrusions into fast-moving extortion events and shrinking defenders' response time. The malware acti...
RedAlert app impersonation mobile surveillance malware delivery
Malware Activity
First: 04.03.2026 19:21
Last: 04.03.2026 19:21
Sources 1
About this happening:
An **active SMS phishing** operation is using a **rogue RedAlert app** to distribute **mobile surveillance** and **data-exfiltrating malware**, putting conflict-time mobile users...
Remcos RAT variant with real-time surveillance and evasion
Malware Activity
First: 19.02.2026 18:30
Last: 19.02.2026 18:30
Sources 1
About this happening:
A newly observed **Remcos RAT** variant now enables **real-time surveillance** on compromised **Windows** systems, increasing the risk of immediate **webcam monitoring** and **liv...
AI as a C2 proxy abuse of Microsoft Copilot and xAI Grok browsing channels
Technical Analysis
First: 17.02.2026 20:08
Last: 17.02.2026 20:08
Sources 1
About this happening:
Researchers disclosed **AI as a C2 proxy**, a technique that can turn **Microsoft Copilot** and **xAI Grok** browsing features into stealthy **command-and-control relays**, increa...
ModeloRAT DNS-delivered malware staging
Malware Activity
First: 16.02.2026 02:29
Last: 16.02.2026 02:29
Sources 1
About this happening:
**ModeloRAT** is now being delivered through a **DNS-based staging chain**, increasing the chance that malicious traffic blends into ordinary name-resolution activity. In the obse...
Timeline
16.01.2026 14:05 2 articles · 4mo ago
TamperedChef malvertising delivers ManualFinderApp.exe infostealer
Technical Analysis Update
TamperedChef uses malicious search ads to steer users looking for appliance manuals or PDF editing software to trojanized downloads, including ManualFinderApp.exe, a trojanized application that functions as an infostealer and backdoor. Sophos says the campaign has spread across Europe, with organizations in Germany, the UK and France most commonly hit, and that malicious behavior is delayed for 56 days after download to help avoid detection and maintain persistence.
Sources:
- TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals — www.infosecurity-magazine.com — 16.01.2026 14:05
- TamperedChef Malvertising Campaign Drops Malware via Fake PDF Manuals — www.infosecurity-magazine.com — 16.01.2026 14:05