Google Ads Pushed TamperedChef PDF Infostealer
A newly uncovered malvertising campaign shows how Google Ads pushed TamperedChef malware through deceptive PDF editing tools disguised as legitimate software. The campaign began in June 2025 when threat actors registered fake websites and lured users searching for appliance manuals and document tools. Victims downloaded a trojanized program, AppSuite PDF Editor, which silently deployed a potent infostealer.
Researchers at Sophos identified over 100 affected systems, mainly in Germany, France, and the UK. The malware staged a delayed attack, lying dormant for 56 days before activating in late August. It harvested browser credentials using highly obfuscated code and established persistence through scheduled tasks and registry entries.
Attackers signed malicious files with valid certificates from Malaysian and U.S.-based entities, bypassing Windows defenses. TamperedChef’s success highlights how cybercriminals exploit common search behaviors and ad platforms. As this threat expands across 19 countries, organizations must remain alert to how Google Ads pushed TamperedChef into widespread circulation.
Read the full report at: https://cybersecuritynews.com/threat-actors-leverage-google-ads/
