
Government Issues Warning Over Malware Hidden in Fake PDF Editor Software
Pakistan’s National Computer Emergency Response Team (National CERT) has issued a cybersecurity advisory warning organizations and individuals about a malware campaign linked to a trojanized version of “App Suite PDF Editor” that can compromise systems and steal sensitive information.
According to the advisory, the malware, identified as “Tempered Chef,” is designed to infiltrate devices through compromised PDF editing software and establish communication with command-and-control servers operated by attackers. Once installed, it can collect login credentials, browser cookies, documents and detailed system information from infected machines.
National CERT said the malware is capable of terminating web browsers, evading detection mechanisms and downloading additional malicious software, including spyware and ransomware, significantly increasing the risk to affected users and organizations.
The advisory noted that the malware is primarily being distributed through phishing emails, fake online advertisements, cracked software packages and infected USB storage devices. Users who download free or pirated PDF editing tools from unverified sources face the highest risk, particularly those using outdated or inadequately secured Windows systems.
As part of its warning, National CERT shared multiple Indicators of Compromise (IOCs), including suspicious domains, IP addresses, registry entries and file paths associated with the malware. Organizations have been advised to immediately block these indicators through firewalls and intrusion detection systems and restrict application execution from AppData and Temp directories.
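Before enforcing a block on execution from AppData and Temp, defenders usually audit what already runs from those locations. The following is an added example, not taken from the National CERT advisory: it flags process image paths under user-writable AppData and Temp directories. The `key=value` record format, host names, users and file names are constructed assumptions.

```python
import ntpath
import re

# Locations the advisory says should not be allowed to run code (user-writable).
RISKY = [
    ("temp", re.compile(r"^([a-z]:\\users\\[^\\]+\\appdata\\local\\temp|[a-z]:\\windows\\temp|%te?mp%)\\")),
    ("appdata", re.compile(r"^([a-z]:\\users\\[^\\]+\\appdata|%(local)?appdata%)\\")),
]
EXEC_EXT = {".exe", ".dll", ".scr", ".msi", ".bat", ".cmd", ".ps1", ".vbs", ".js"}

def classify(image_path):
    """Return 'temp', 'appdata' or None for one process image path."""
    p = image_path.strip().strip('"').replace("/", "\\")
    p = ntpath.normpath(p).lower()  # collapses ..\ segments; works on any OS
    if ntpath.splitext(p)[1] not in EXEC_EXT:
        return None
    for label, pattern in RISKY:
        if pattern.match(p):
            return label
    return None

def audit(lines):
    """Parse 'key=value; key=value' records and return (host, image, label) hits."""
    hits = []
    for line in lines:
        rec = dict(f.strip().split("=", 1) for f in line.split(";") if "=" in f)
        label = classify(rec.get("image", ""))
        if label:
            hits.append((rec.get("host", "?"), rec["image"], label))
    return hits

# Constructed sample records (hosts, users and file names are made up).
SAMPLE = [
    r'host=WS-01; user=alice; image=C:\Program Files\Vendor\reader.exe',
    r'host=WS-02; user=bob; image=C:\Users\bob\AppData\Local\Temp\setup-x.exe',
    r'host=WS-03; user=carol; image="C:\Users\carol\AppData\Roaming\editor\app.exe"',
    r'host=WS-04; user=dave; image=C:\Program Files\..\Windows\Temp\upd.exe',
    r'host=WS-05; user=erin; image=C:\Users\erin\AppData\Roaming\notes\readme.txt',
]

if __name__ == "__main__":
    for host, image, label in audit(SAMPLE):
        print(f"{host}: {label:8} {image}")
```

Legitimate per-user installers also run from AppData, so hits from an audit like this are a review list for building allow rules before the restriction is enforced.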
The agency further urged public and private sector entities to strengthen cybersecurity defenses through multi-factor authentication, endpoint protection solutions and system hardening measures. It also recommended isolating infected devices, resetting potentially compromised credentials and reviewing backup systems to reduce the risk of ransomware-related disruptions.
The latest advisory comes as cybercriminals increasingly use trojanized software and fake productivity tools to target users, making software downloads from trusted and verified sources a critical part of cybersecurity protection.





