Our team wants to make you MoreAware of a growing trend: malware attacks targeting PDF tools.

 

What’s happening:

On August 27, 2025, cybersecurity researchers at Truesec uncovered a malvertising campaign abusing Google Ads to promote fraudulent websites. These sites lured victims into downloading a fake PDF utility named “AppSuite PDF Editor,” which delivered an information-stealing malware dubbed TamperedChef.

TamperedChef is designed to harvest sensitive data such as browser cookies and stored credentials. It can remain dormant for up to 56 days before activating, a tactic to bypass detection that aligns with the typical 60-day lifecycle of Google Ads campaigns.

Other malicious PDF tools observed include PDFSparkWare, SparkonSoft, and OneBrowser.

Why this matters:

Malware disguised as productivity tools is becoming more sophisticated. Attackers exploit trust in common file formats like PDFs to gain access to sensitive data. Staying vigilant is the best defense. We’re not here to alarm you; our goal is to keep you informed and proactive about this emerging threat.

Immediate actions for users:

  • Verify software sources – Download only from official vendor sites or reputable app stores.

  • Check digital signatures – Ensure certificates are issued to legitimate publishers.

  • Audit browser-stored credentials – Remove unnecessary saved logins.

  • Enable multi-factor authentication (MFA) – Mitigate the impact of stolen credentials.

  • Use dedicated password managers – Replace browser-stored passwords with secure tools.

  • Restrict unverified downloads – Enforce policies against installing free or untrusted software.

  • Ask about installing a verified ad blocker in your browser.

Our recommendation:

 

  • Use only Adobe Reader as your PDF viewer. We install this on all new workstations during onboarding. If your team is missing Adobe Reader, send us a helpdesk ticket and we’ll resolve it quickly.

  • If you need a PDF editor, please reach out to your supervisor and consult with us so we can get you the secure software you need.

  • Avoid downloading PDF tools from ads or unfamiliar sources. Even if they appear in Google Ads, they may be malicious.

Always reach out to us if you have questions or concerns. And please share this with the rest of your team! We’re here to help keep your network secure. Thank you for partnering with us to protect your systems!
