The National Computer Emergency Response Team (NCERT) has issued a cybersecurity alert about a malicious PDF application spreading online. The software, disguised as AppSuite PDF Editor, is identified as TamperedChef.
TamperedChef has been active since August 21, 2025, and targets both public and private organizations. It uses remote JavaScript-based updates to steal sensitive data, communicate with command-and-control (C2) servers, and deploy secondary threats such as spyware and ransomware.
The malware spreads through phishing emails, cracked software bundles, and malicious advertisements. Users are tricked into downloading the infected installer, which can then access system credentials, cookies, and documents. It can also modify registry settings to maintain persistence on Windows systems.
NCERT warned that the malicious PDF app poses a high risk to enterprise and government networks. It can serve as an entry point for advanced persistent threats (APTs), enabling large-scale intrusions and data theft. The malware mainly affects unpatched devices or systems without strong antivirus protection.
The advisory highlighted the malware’s potential impacts, including data breaches, unauthorized modification of PDF files, system disruptions, and ransomware attacks. TamperedChef communicates with domains like editor-update[.]com and pdfsuite-sync[.]net, which act as C2 servers controlling infected systems.
Organizations are advised to monitor unusual file activity, unauthorized registry changes, and network connections to suspicious IPs such as 185.92.223[.]14 and 103.89.77[.]6. Signs of infection include PDF file changes, browser crashes, and encrypted data transfers.
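As an added illustration that is not part of the NCERT advisory or this article, the following Python snippet refangs the indicators quoted above and checks them against log lines; the key=value log format and the sample lines are constructed assumptions, and domain matching is by exact or parent-domain match so look-alike hosts are not flagged.

```python
import re
from ipaddress import ip_address
# Indicators as quoted in the advisory, defanged with "[.]" so they are not clickable.
ADVISORY_IOCS = ["editor-update[.]com", "pdfsuite-sync[.]net",
                 "185.92.223[.]14", "103.89.77[.]6"]

def refang(indicator):
    """Turn a defanged indicator back into its literal form for matching."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower()

def load_iocs(defanged):
    """Split refanged indicators into an IP set and a domain set."""
    ips, domains = set(), set()
    for item in defanged:
        value = refang(item)
        try:
            ip_address(value)          # raises ValueError if not an IP literal
            ips.add(value)
        except ValueError:
            domains.add(value)
    return ips, domains

# Loose patterns for the host/IP fields a proxy, DNS or firewall log line carries.
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

def scan_log(lines, ips, domains):
    """Return (line_number, indicator) for each line touching a known IoC. Domains match
    exactly or as a parent domain, never as a substring, so pdfsuite-sync.net.example.org is not a hit."""
    hits = []
    for n, line in enumerate(lines, start=1):
        hits += [(n, ip) for ip in IP_RE.findall(line) if ip in ips]
        for host in (h.lower() for h in HOST_RE.findall(line)):
            hits += [(n, d) for d in domains if host == d or host.endswith("." + d)]
    return hits

# Constructed sample log lines (not real telemetry) in an assumed key=value format.
SAMPLE_LOG = [
    "2025-09-01T10:02:11Z proxy allow src=10.0.0.5 dst=203.0.113.10 host=www.example.com",
    "2025-09-01T10:02:14Z dns query src=10.0.0.5 qname=cdn.editor-update.com type=A",
    "2025-09-01T10:02:15Z fw allow src=10.0.0.5 dst=185.92.223.14 dport=443",
    "2025-09-01T10:03:40Z dns query src=10.0.0.7 qname=pdfsuite-sync.net.example.org type=A",
]

def findings():
    ips, domains = load_iocs(ADVISORY_IOCS)
    return scan_log(SAMPLE_LOG, ips, domains)

for line_no, ioc in findings():
    print(f"line {line_no}: matched indicator {ioc}")
```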
NCERT recommended mitigation steps including blocking IOCs at firewalls, enforcing AppLocker restrictions, and updating operating systems and software libraries. Multi-factor authentication, phishing awareness, and updated endpoint protection tools are also encouraged.
The agency urged organizations to integrate this threat into enterprise risk models and strengthen supply-chain security. Early detection and prompt containment are essential to prevent large-scale breaches caused by the malicious PDF malware.