Trending: APT28 Hackers Exploit New Microsoft Office Flaw in Cyber AttacksThe API Management Market Is on a High-Speed Growth TrackHow Open Banking APIs Are Reshaping the Financial Services EcosystemCommunity Cloud Explained: The Secure Cloud Model You’re MissingAnthropic Expands Claude Cowork with Custom Plugins and Smarter AutomationMedia Personalization to Shift with AI, New Report PredictsMicrosoft Teams Adds Call Reporting to Counter Voice ScamsEcommerce Leaders Turn to AI as Rising Costs and Expectations MountAI Reshapes Security Operations Center WorkflowsRobo.ai Enters Strategic Joint venture With Tachyon9 to Expand AI InfrastructureGoogle Brings Personal Intelligence to AI Search ModeAnthropic Updates Claude’s Constitution—and Sparks AI Consciousness TalkEU Unveils New Measures to Boost Cybersecurity ResilienceTodoist Ramble Turns Natural Speech into Actionable TasksFake Google Ads Push Weaponized PDF Editor via TamperedChefFive Rogue Chrome Extensions Enable Full Platform TakeoverWithCoverage Secures $42M to Reinvent Insurance BrokingMediDrive Invests in SPRYT to Expand AI Care AccessAngular Flaw Lets Hackers Run Malicious PayloadsWhy Data Governance Has Become Mission-Critical for BanksCisco Customers Share Insights on AI-Driven TransformationEthereum Boosts Data Capacity by 40% in UpgradeNTT DOCOMO GLOBAL, Accenture Launch Universal WalletNew ‘Brutus’ Tool Targets Fortinet in Brute-Force AttacksHP Redefines the Desk for the Future of WorkKimwolf Botnet Hijacks 2M Devices as Proxy NetworkRed Hat Boosts AI Trust with Chatterbox Labs DealGoogle to Retire Dark Web Monitoring Tool in 2026AI to Become a True Workplace Teammate by 2026Google Cloud’s AI Powers GenAI.mil in Groundbreaking DealNext.js Launches Scanner to Fix Dangerous React2Shell BugGenerative AI Adoption Reveals Rising Global Divides, Cisco–OECD Study FindsAccenture Backs WEVO to Power Customer-Led GrowthVeeva Rolls Out AI Agents to Transform Productivity & CXGoldFactory Surge: 11,000 Phones Hit by Fake Banking AppsMarvell Acquires Celestial AI to Power Next-Gen Data CentersCapgemini Unveils AI Agents to Guide Youth into Green CareersOpenAI Reveals Mixpanel Breach Impacting API User DataMore Patient Data Makes AI Scribes Sharper, Study FindsHPE Unveils Olivia, Norway’s Most Powerful SupercomputerVodacom Partners with Google Cloud to Accelerate Africa’s AI PushCISA Flags Surge in Spyware Targeting Signal, WhatsAppOCC Taps AWS GenAI to Turbocharge Developer ProductivityGoogle Rolls Out New AI Safety Tools to Block ScamsGoogle Unveils New Winschoten Data Center to Power AI in NetherlandsHealthcare IT Leaders Shift Strategy on Device Security70% of Marketers Say Agentic AI Will Transform IndustryIBM Storage Scale 6000 Breaks Data Barriers for AILevi’s Teams Up with Microsoft to Build Next-Gen SuperagentHackers Hijack MCP Server to Inject Code and Steal ControlRemini Surges to 1.16M Installs After Google AI UpgradeHackers Weaponize Anthropic’s AI for Automated Cyber EspionageAmazon Reveals Zero-Day Exploits Targeting Cisco ISE and Citrix NetScalerBanks and Insurers Turn to AI Agents for Fraud DefenseMSK Express Adds Intelligent Rebalancing—Free and AutomaticNeuron7 Merges Deterministic AI and Reasoning to Eliminate Agent HallucinationsCisco Unveils Massive AI Growth Opportunity at Partner SummitFortinet, SentinelOne, and CrowdStrike Unleash Next-Gen AI SecurityGoogle Cloud and Beckn Labs Launch Beckn Onix to Accelerate Open NetworksAutonomous AI Redefining the Future of Intelligent AutomationIBM’s New AI Accelerator Is Revolutionizing Supply Chains!Europe’s Bold Move: Taking Back Control of AI PowerBADCANDY Hits Cisco IOS XE, ASD Sounds AlarmAnthill Cloud Revolutionizes Pharma Marketing with AIIBM Japan Unveils Solution to Tackle 47-Day SSL/TLS RuleCisco and NVIDIA Partner to Advance AI-Powered NetworkingGoogle Upgrades NotebookLM with Smarter AI FeaturesAutomation Anywhere Revamps Customer Support with AIHow the Entry/Exit System Integrates AI, Biometrics, and Data Governance?Accenture Unveils Physical AI Orchestrator for IndustryBlueNoroff Uses AI Tools to Target ExecutivesMicrosoft Issues Emergency WSUS Security PatchG42 Shares Progress on Stargate UAE AI ClusterAI Chips: Driving High-Performance Computing and Strategic AI Deployment Across EnterprisesF5 Patches Multiple Products After Security BreachMeta Begins Construction of New AI Data Center in TexasWilliams-Sonoma Adopts Salesforce Agentforce 360Entry/Exit System (EES) Optimizes Travelers’ Data SecurityRust Malware “ChaosBot” Exploits Discord for ControlGap Inc. Leverages Google AI to Transform RetailCisco Unveils 51.2T Router for Scalable AI WorkloadsIBM Launches New AI Tools to Boost Enterprise OperationsSnowflake Launches Cortex AI for Financial ServicesMicrosoft Expands Azure AI Foundry with Latest OpenAI Models and Agentic AI ToolsKyndryl Unveils Advanced Agentic AI for Business ScalingIntel 471 Unveils Updated Cyber Intelligence HandbookMastercard Launches Digital Ambassadors Forum to Shape Future of Global Digital GovernanceAccenture Secures Aidemy Acquisition via Tender OfferAgentforce Transforms Life Sciences Engagement; Fidia AdoptsSalesforce Launches MuleSoft Agent Fabric to Tackle Rising AI Agent SprawlMicrosoft Blocks AI-Obfuscated Phishing CampaignMassRobotics, AWS & NVIDIA Launch Physical AI FellowshipMorse Micro Mass Produces MM8108 Wi-Fi HaLow SoC & KitsHuawei Launches Most Powerful SuperPoDs, ClustersHyperconverged vs. Composable Infrastructure: What Fits Your Data Center?Visa and TECH5 Join Forces on Global Digital IdentityCybersecurity Best Practices to Protect Financial Data in CloudCisco Releases Patches for IOS XR Security FlawsUCaaS Solutions: Transform How Your Teams Connect & CollaborateProteanTecs Secures $51M to Advance Chip Performance MonitoringPredictive Modeling: Key Applications and InsightsOpenAI and Oracle Ink $300B Cloud Deal to Accelerate AI Growth
blog-image

Fake Google Ads Push Weaponized PDF Editor via TamperedChef

Threat actors abuse Google Ads to distribute a trojanized PDF editor, deploying TamperedChef malware to compromise user systems.

Windows users around the world are seriously threatened by a malvertising campaign that was discovered in September 2025.

In order to spread the deadly information-stealing virus known as TamperedChef, attackers made phony PDF editing programs and advertised them via Google Ads.

By taking advantage of popular search behaviors, the malware targets individuals looking for appliance manuals and PDF editing tools online, spreading silently throughout many businesses and geographical areas.

On June 26, 2025, threat actors launched many look-alike websites advertising a trojanized program called AppSuite PDF Editor, marking the official start of the operation.

Although users thought they were installing trustworthy software, the installer really included malicious malware that was concealed and intended to capture private browser information.

The timing of this attack is especially misleading; the virus was dormant for around 56 days, which corresponds with the regular cycles of advertising campaigns.

The malware was able to infect as many machines as possible before exhibiting dangerous behavior because of this calculated delay. TamperedChef’s infection method exhibits complex multi-stage distribution strategies intended to avoid discovery.

On websites like Google and Bing, users start by clicking on malicious ads that show up in search results.

They download the Appsuite-PDF.msi installer from these advertisements, which take users to fraudulent websites like fullpdf.com and pdftraining.com, compromising security.

This file dumps an obfuscated JavaScript file, another executable, and a setup executable named PDFEditorSetup.exe when it is executed.

In order to ensure that the virus endures system restarts, PDFEditorSetup.exe then quietly develops persistence by generating registry entries and Windows scheduled tasks.

Lastly, the installer launches PDF Editor.exe, the infostealer component itself, which started collecting browser passwords, cookies, and autofill data on August 21, 2025.

By misusing valid code-signing certificates from US- and Malaysian-registered organizations, the attackers improved their operation even more. This allowed their malicious files to evade Windows SmartScreen security and seem reliable to gullible consumers.

This multi-layered infection process demonstrates how contemporary threat actors enhance infection success and reduce early detection by combining malvertising, software interfaces that appear authentic, and system-level evasion strategies.