CYBERSECURITY researchers have identified a global operation distributing trojanized software to corporate networks, significantly impacting over half of monitored customers. Known as the Tampered Chef malware, it is delivered through deceptive applications that masquerade as legitimate business tools, making detection by standard security infrastructure challenging. The malware is embedded in commonly used programs such as PDF editors and calendars, luring unsuspecting users into downloads through professional-looking websites.
Two main infrastructure groups are involved, CL-CRI-1089 and CL-UNK-1090, the latter demonstrating integration between code creators and advertising firms. The threat actors invest heavily in legitimate code-signing certificates, spending over $10,000 to avoid detection. The malware is distributed through malvertising and executes its harmful payload only after a period of dormancy, leading to severe risks to data integrity. Organizations are urged to enhance monitoring of their systems to prevent infections.
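The two points a defender should take from this report are that a valid code signature is not evidence of legitimacy when the operators buy real certificates, and that a freshly installed "business tool" may sit dormant before doing anything observable. The script below is an added illustration, not code from the original report or from any vendor named in it: it triages a software-inventory export for PDF-editor and calendar installs whose publisher is not on an organisation-approved allowlist, regardless of signature state, and then groups the findings by publisher so that the same unapproved signer appearing on several hosts stands out. The record layout, the allowlist contents, the category names and the sample inventory are all constructed assumptions.

```python
"""Triage installed-software inventory records for trojanized business-tool
installs. Added illustration for the article above; record layout, allowlist
and sample data are constructed assumptions, not from the original report."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class InstalledApp:
    host: str
    name: str
    category: str          # e.g. "pdf_editor", "calendar" (assumed taxonomy)
    publisher: str         # subject name of the code-signing certificate
    signature_valid: bool  # whether the OS verified the signature chain
    install_date: date


# Hypothetical allowlist: publishers the organisation has actually approved
# for each watched category. Anything else is flagged even if validly signed.
APPROVED_PUBLISHERS = {
    "pdf_editor": {"Adobe Inc.", "Foxit Software Incorporated"},
    "calendar": {"Microsoft Corporation"},
}

# The categories the report says the trojanized applications imitate.
WATCHED_CATEGORIES = set(APPROVED_PUBLISHERS)

# Reference date for the sample run (constructed).
TODAY = date(2025, 9, 1)


def triage(apps, today=TODAY, dormancy_days=30):
    """Return (app, reason) pairs worth analyst attention.

    A valid signature is deliberately NOT treated as proof of legitimacy;
    the decision is 'approved publisher or not', and the signature state only
    shapes the reason text. Recent installs get an extra note because the
    report describes payloads that run only after a dormancy period, so a
    quiet new install is not a clean install."""
    findings = []
    for app in apps:
        if app.category not in WATCHED_CATEGORIES:
            continue
        if app.publisher in APPROVED_PUBLISHERS[app.category]:
            continue
        age_days = (today - app.install_date).days
        if app.signature_valid:
            reason = "validly signed by unapproved publisher"
        else:
            reason = "unsigned or invalid signature, unapproved publisher"
        if age_days <= dormancy_days:
            reason += f"; installed {age_days}d ago, inside dormancy window"
        findings.append((app, reason))
    return findings


def publisher_prevalence(findings):
    """Map each flagged publisher to the set of hosts it appears on.

    One unapproved publisher on many hosts is the fleet-wide pattern the
    report describes, and is a better pivot than any single host alert."""
    by_publisher = {}
    for app, _reason in findings:
        by_publisher.setdefault(app.publisher, set()).add(app.host)
    return by_publisher


# Constructed sample inventory (not real telemetry; names are invented).
SAMPLE_INVENTORY = [
    InstalledApp("ws01", "Acrobat Reader", "pdf_editor", "Adobe Inc.", True, date(2025, 3, 10)),
    InstalledApp("ws02", "QuickPDF Pro", "pdf_editor", "Example Tools LLC", True, date(2025, 8, 20)),
    InstalledApp("ws03", "OfficeCalendar", "calendar", "Example Tools LLC", True, date(2025, 6, 1)),
    InstalledApp("ws04", "Notepad", "text_editor", "Microsoft Corporation", True, date(2025, 1, 15)),
    InstalledApp("ws02", "FreePDF", "pdf_editor", "(unsigned)", False, date(2025, 8, 30)),
]


if __name__ == "__main__":
    results = triage(SAMPLE_INVENTORY)
    for app, reason in results:
        print(f"{app.host}: {app.name} [{app.publisher}] -> {reason}")
    for publisher, hosts in publisher_prevalence(results).items():
        print(f"{publisher}: seen on {len(hosts)} host(s): {sorted(hosts)}")
```

The allowlist is the part that needs real input from the organisation: it should list the publishers actually approved for each category, not every publisher that happens to be present in the inventory, otherwise a trojanized install that is already widespread would silently approve itself.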