
A new cybercrime campaign is spreading a data-stealing malware called "TamperedChef" through malvertising.
Threat actors are using deceptive Google Ads to promote fake websites offering a seemingly legitimate "AppSuite PDF Editor."
When a user downloads and installs the software, the malware lies dormant for weeks, a tactic that allows it to bypass initial security checks.
After a period of up to 56 days, the malware is activated remotely. It then terminates web browsers and steals sensitive data, including credentials and, most critically, web cookies.
Cookie theft is particularly dangerous because it allows attackers to bypass multi-factor authentication (MFA) and hijack active user sessions, gaining unauthorized access to corporate and cloud accounts.
The campaign’s sophisticated evasion techniques and exploitation of user trust highlight a growing threat, emphasizing the need for robust endpoint security and continuous employee education on the dangers of suspicious online advertisements.
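The behaviour described above (a non-browser program terminating browsers and then reading their cookie and credential stores, weeks after installation) can be expressed as a simple endpoint correlation rule. The sketch below is an added example, not code from the article or from any vendor; the event format, the 120-second window, the process name `editor_sample.exe` and all sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
# File names of Chromium and Firefox cookie / saved-login stores.
STORES = {"cookies", "login data", "cookies.sqlite", "logins.json"}
WINDOW = timedelta(seconds=120)  # assumed correlation window

# Constructed telemetry: (timestamp, actor image, action, target).
# "editor_sample.exe" is a hypothetical name, not an indicator from the campaign.
P = r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default"
EVENTS = [
    ("2025-08-21T08:00:00", "chrome.exe", "file_read", P + r"\Network\Cookies"),
    ("2025-08-21T09:14:02", "editor_sample.exe", "terminate", "chrome.exe"),
    ("2025-08-21T09:14:03", "editor_sample.exe", "terminate", "msedge.exe"),
    ("2025-08-21T09:14:05", "editor_sample.exe", "file_read", P + r"\Network\Cookies"),
    ("2025-08-21T09:14:06", "editor_sample.exe", "file_read", P + r"\Login Data"),
    ("2025-08-21T11:00:00", "updater.exe", "terminate", "chrome.exe"),       # kill only
    ("2025-08-21T12:00:00", "backup.exe", "file_read", P + r"\Network\Cookies"),  # read only
]
INSTALLED = {"editor_sample.exe": "2025-06-26T00:00:00"}  # constructed install time

def detect(events, installed):
    """Flag non-browser processes that kill a browser, then read its stores."""
    last_kill = {}  # actor -> time it last terminated a browser
    alerts = {}
    for ts, actor, action, target in sorted(events):
        t = datetime.fromisoformat(ts)
        actor = actor.lower()
        if actor in BROWSERS:
            continue  # a browser touching its own files is expected
        name = target.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if action == "terminate" and name in BROWSERS:
            last_kill[actor] = t
        elif action == "file_read" and name in STORES:
            killed = last_kill.get(actor)
            if killed and t - killed <= WINDOW:
                alert = alerts.setdefault(actor, {"stores": [], "dormant_days": None})
                alert["stores"].append(name)
                if actor in installed:
                    # Days between installation and the first theft-like behaviour.
                    first_seen = datetime.fromisoformat(installed[actor])
                    alert["dormant_days"] = (t - first_seen).days
    return alerts

if __name__ == "__main__":
    for actor, alert in detect(EVENTS, INSTALLED).items():
        print(actor, alert)
```

Because the rule keys on the kill-then-read sequence rather than on install-time reputation, it still fires when the software has sat quietly on the host for weeks.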
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543