TamperedChef Malware Abuses Signed Productivity Apps To Deliver Stealers
ID: 28d5bb9a-43bc-5310-a4d9-5c3c0bdd3847
STIX ID: report--28d5bb9a-43bc-5310-a4d9-5c3c0bdd3847
Feed Name: Cyber Press
TamperedChef is a large-scale malvertising campaign that lures victims to professionally faked download sites for productivity tools (AppSuite PDF, Calendaromatic, OneZip, CrystalPDF). The tools are trojanized and digitally signed by shell companies. Once installed, they use scheduled tasks and obfuscated JavaScript (including Neutralino.js) to fetch RATs, browser hijackers, and credential stealers, and they exfiltrate data via AES-encrypted channels. Researchers are tracking over 4,000 distinct samples and multiple code-signing entities.
