TamperedChef: Global Malvertising Campaign Uncovered

Acronis’ Threat Research Unit has exposed TamperedChef, a global campaign that distributes trojanized applications through malvertising and SEO poisoning. The fake applications, signed with certificates from shell companies, deploy scheduled tasks and JavaScript backdoors for remote access and long-term control. The campaign targets multiple industries, including healthcare, construction, and manufacturing, with a significant number of victims in the Americas. The threat actors operate a highly organized infrastructure, using a network of shell companies to acquire and rotate code-signing certificates.

Latest mentioned: 11-24
Earliest mentioned: 11-20