Threat actors are using Google ad campaigns to distribute a PDF editing app that delivers the TamperedChef infostealer malware. This operation involves multiple domains, fraudulent certificates, and the use of residential proxies to maximize infection and data theft. #TamperedChef #AppSuitePDFEditor
Key points
- Cybercriminals promote fake PDF editors through Google ads to spread malware.
- The TamperedChef infostealer is activated after a delay, targeting sensitive information.
- Over 50 domains host the malicious app, signed with fraudulent certificates from multiple companies.
- The campaign also makes use of residential proxies and other malicious tools such as OneStart.
- Despite certificate revocation, the threat persists: the app retains its malicious capabilities and continues to behave as malware.