TamperedChef Malware Steals Credentials via Fake PDF Editor

A sophisticated malware campaign dubbed "TamperedChef" is infiltrating corporate networks using malicious advertising to promote trojanized productivity tools. The primary decoy, a fully functional PDF editor, operates undetected for months before activating to steal browser-stored credentials. This malware uses advanced evasion techniques, including valid digital signatures and hidden code, to bypass security controls and establish persistence on infected systems. After exfiltrating sensitive data, the attackers attempt to cover their tracks by releasing "clean" versions of the app. Researchers warn that the threat actors are already developing new decoy tools, continuing the campaign under a different guise.

Latest mentioned: 10-06

Earliest mentioned: 09-29

Sources

gbhackers.com securityonline.info cybersum.net

Also Read

WordPress WooCommerce Sites Targeted by Sophisticated Malware

The Wordfence Threat Intelligence Team has uncovered a sophisticated malware campaign targeting WordPress e-commerce sites using the WooCommerce plugin. The malware, disguised as legitimate plugins like 'jwt-log-pro' and 'cron-environment-advanced,' hides malicious payloads inside fake images and evades detection through custom encryption. It logs users with high privileges, intercepts login credentials, and establishes a backdoor for remote command access. The malware is attributed to Magecart Group 12, known for credit card skimming operations. The campaign has compromised over 25,000 IP addresses, primarily in Southeast Asia and North America, with a focus on network video recorders and routers.

10-31Read more →