Global Malvertising Campaign TamperedChef Uncovered

Acronis’ Threat Research Unit has exposed a global malvertising and SEO-poisoning campaign called TamperedChef. This campaign distributes trojanized applications signed with certificates from shell companies, targeting multiple industries. The fake applications deploy scheduled tasks and obfuscated JavaScript backdoors for remote access and long-term control. The campaign has been active for a prolonged period, with most victims in the Americas, particularly affecting healthcare, construction, and manufacturing sectors.