Cyber Crime Campaign for AppSuite PDF Editor
ID: 26008e9b-5088-5fea-b092-e881dc70c20a
STIX ID: report--26008e9b-5088-5fea-b092-e881dc70c20a
Feed Name: WatchGuard Secplicity Blog
WatchGuard observed a malicious campaign distributing a weaponized 'AppSuite PDF Editor' MSI via Google ads and a phishing hosting URL. The installer (appsuite-pdf.msi) creates a Run registry persistence entry and executes the program with a --cm argument to trigger callbacks that deploy the 'Tamperedchef' information stealer and an obfuscated JavaScript payload. It also includes a modified elevate.exe. MSI hashes and the hosting URL are provided as IOCs.
