Cooking up trouble: How TamperedChef uses signed apps to deliver stealthy payloads

Dec. 21, 2025, 6:03 p.m.

Description

The TamperedChef campaign is a global malvertising and SEO operation that distributes seemingly legitimate software with valid code signing to trick users into executing malicious installers. These fake applications mimic common software and establish persistence through scheduled tasks, delivering obfuscated JavaScript payloads for remote access. The campaign uses a network of U.S.-registered shell companies to acquire and rotate code-signing certificates, maintaining trust exploitation. Victims are primarily in the Americas, with a focus on healthcare, construction, and manufacturing industries. The campaign's infrastructure is designed for quick rebuilding after takedowns, using short-term domain registrations and certificate rotations. The attackers' motivations may include selling initial access, credential theft, ransomware staging, or opportunistic espionage.

External References

https://otx.alienvault.com/pulse/6926b00a12a427dc4d783af7
https://www.acronis.com/en/tru/posts/cooking-up-trouble-how-tamperedchef-uses-signed-apps-to-deliver-stealthy-payloads/
Tags
social engineering
malvertising
persistence
javascript
remote access
scheduled tasks
seo
code-signing
javascript payload
2025-11-20
shell companies
2025-11-26
code-signing certificates
signed applications

Date

  • Created: Nov. 26, 2025, 7:45 a.m.
  • Published: Nov. 26, 2025, 7:45 a.m.
  • Modified: Dec. 21, 2025, 6:03 p.m.

Indicators

  • a5187cbb42b0e0dfb747c8fe86638dc68be9915ec112f7f6f72c8f3735489c76
  • a16ecfcf5e6d7742f0e642309c3a0bf84eaf21962e663ce728f44c93ee70a28e
  • d1e85806e7013aa984356dbce28972f11be4860ab4152cd5510dff3388a89b45
  • 71273af47ee2792b68320054ebf44d2dfe4cbe7825c0aedc5a9b65abb5744851
  • e18e59723949ad0a2791e95d4c0ffd7657929e8dc6a0d718598b3aec962f73c2
  • 9f948215b9ee7e7496ce3bc9e46fda56b50cc8905b88535225c7651007f660d5
  • 06555b8bf3bdf36bf36b4e6a4f5298da732207867c57961a1cb14a14f845e25f
  • e498e98578ec27b680fff36768852fa00eea90e4f2de4cdae269a2d523624e36
  • 6c0178a70759eadeb6f88a2c6bc4a217f1aba2ebdadd132610fe86d3994c2a66
  • 9b21cb18aafa50339563af4ae211688846bcb030d43644e251da9d0bad2c9072
  • 1e1cbfe91aa9be47480df265f6b5a0fed2f99116bcaa5e6e98689e3498616f84
  • 840b1e76961836f3af79bf4d0a68d426c764587173a8f308d3e6012393c6a9f8
  • 52d234e085c8bf67fa9d338cc5621f17d4ebe166f180896185e5f28c2655c811
  • 1d2027b35978be2a92f27203941f51d9352d56f3cf83f131f9824a7f0891a692
  • 1925e877ce6492a7d1293f3f6f4dcbc70ca3c74bbf42ae2ba80e1b5a2e0925d1
  • ef4b57bad0d28a65333691e1c27787690d58516a79f9cf2fbe840d69401a1932
  • ef9621f7fe04fd053e58af7d5863780defd1d2948c131d7df3f76bdb46932688
  • 7fe170dc2ca9f333a177d7d2a5f6fee9e674164e7b46b2c2590c49be1aa9fe05
  • 19d61d0a67207debfb21af2bf8774e010796e5d41f986848d63169c68cc7fa86
  • 0abd1e39e17fa99366c8f1cc9171730867b6e86f6362b0492a090170f0305e55
  • b850b218d5cc4cc9c1006399c26cc5ca3f9e2da3a70296fceb6760d1f0dcdf90
  • 9b8bc1df9b891a166de9aefc58fe2ae04fb238f97aa90405617ff9e7501c99a8
  • 218a3a2e60779c4b4f1c83467f93d7b5c405b9acb799b4b2cdaacb7b26cd48a1
  • 8ecd3c8c126be7128bf654456d171284f03e4f212c27e1b33f875b8907a7bc65
  • 1a58c5b8b79f3ed90d43b4d117b01eb32e27b8235d9b3ceda4803a57e6250596
  • bcc9ebce78fdbb1271ff1a2e0def82ec87d6e964a18293e82ec0cdd12856e66b
  • 483657b8b1f3b81540d05842331bc3a564f77f22017ee5abeeffc0e832efcf6f
  • 3697f763980e594c83d708b43c410f753134e83baf33f822bba36133e0b1eafc
  • fccf2c72054e9aa8e5a134854e573b23316a6622631f818695d9c0eb3ca3f1a7
  • bdafb81fa5a41728d578b0682a6e7f9095250161558431184093acc3641573fa
  • 33fb19d5d9c0ca8bea177722807560005c4c2a0533ce3356efdcefc6e93cebff
  • 467876a203eb2c2b01b2d58f1e00271cb6bb75834af08a67e2c69fa0e4788ea5
  • 335a7383867b0da0731968363956d6f31116460b1f9060d0e8c79ff735211733
  • 25575ffd50528952865b2b1df354461148474606c1adc68c0f140e3dcab10362
  • f81b533757f4603f2eae935b8b9f466b2c2e3563f44bd40711afbf8980f45eb2
  • 8fb8d1df307f58db070eb5aa82a3ef3a41512d2aa73278d574ab32e55123488a
  • e340e41da2779a714c2c0590955ade6dc35b3c9246bde5cca8e1cab1b937593c
  • d9a0d3f05ed8efd475f7b76ca3d4ad7d136b274979d2a0abb6ca26d1a2e98512
  • 3c34ec7e666c853465058b96421c018d93e532350547a90a6f68c7db5414a4b1
  • 51d876d638a6155572f8cbd42cdd8ae61c84b1816438bc53eb40534f7a92bb69
  • 0ad487d3bd904ade98b505bdd891d1a19665159b0e579696ac0b6a82e9f80617
  • f0532759ccaa0ea7f0ec8ec3225eb0e6d87cc3ddd1361967f4ea487bff4394bb
  • 2cd68ea7f02e8cfaded52d64c2cb71b64560b3799c948960db37e827618ff22d
  • 035e7dd115afc47704db586a61aa9c189cde7228e752e0491352930f20d97dcc
  • 14577f1a8d5ea9f5f255b456f0f69fe4e3a1cba82d707de28b3ca25410393c17
  • e80291d2827a0abd4ed1c761eaf396f70fe91ce50bdef828e135a8e482af19c3
  • ca96040d8899196ff02592a4c01b595a191f4dd89d4d11be8703645019871d33
  • 82c452855e3d41cb1a3396e8e1aed7e26812f127ef31c93a8f375e1acb458ff5
  • 3826e54318e80e8942bd9b8ab347f560d5dd9741276fec5a26d3eee862516767
  • d799cc1713932e9748ec9d293f831d150e1e345c0e58279cd7c3e49c35e667be
  • d70bc73a61252d5d9fde5593670fa790e4e9611838fd6c74f2b9cab97a5cea0f
  • 6ea919c991b29ac78d80b9b6080c380a3e53813e1a2b0c3e576763a3ec22ef05
  • 7364b8cefd46a8ff918df679066fb8041b98a3e57a09f782ad6f8757fabf56cd
  • 5c8f276286c2b588fb15b72e8b20c051ae84ed26d93187eaea41b3ba8faa8954
  • a67cd1ea41484edfca83f53c1f1c8d21717335e8cff2a00dce1c79ff5b48cb2a
  • d7f2a620429bf104f593ef789aaef0b25afa90b81b5d2285c54eac47dee52aac
  • e7a1d74883e220d92ef024301850c1d56f95bb07fd72e82f4c644b940576d866
  • 822f5dcfe7350d259594d92128ba9fc2b7620aa33b571d8af8a87945d8909026
  • 5a0e37f70f9ce00ba40edfb4e6d11e87ea6bd0edecf6f604029ef98aa2bd33e9
  • d8c2f9f843cb7764d138c5cb74a4a887eadcdfc5af0ab7df805af6f40fe27dc1
  • 3075a2f60611fcfc763059f95f5577999d5bbc39dd33aa9b5b8bc8219c6f2ae4
  • a16cbf9ab535d4ad628b583ec3e026799f38bb50b98c495333302f7b804390ea
  • 113b23c062229aa57dfef68631f85f615e61673024b73cb9c0f5269b712610fa
  • 4d2bb8c9d995d52dd2ef763af7158bd8f7ff6a59c4004ea38ff0eef684c78381
  • 0b90c3ef5bc8918c334638f2f11100a992fafbca7e16934652b70f3b2579131b
  • 3c51ca74e721e5e177c5a8495131d7a65ea6733ea8e8875ba3e1ce0270a136b7
  • d2fbaa89cc5e4e03ecdf7ccfc28fd13230643bfb41a3619fbec64076a2b56a7c
  • 760663fd61c55f112186151721425857a485ec6a1db1b2cb8b41bba9ed40af1e
  • 3cfd405d7e7f3d7af3d9be6387828fc14d6c24be6ea0651e18a8a63f1cd164cb
  • 9f5538afb90dfb0eac126808868a65403a09758b63e3688ef17df1de27782813
  • c0bab2e5718056617a4e6965ba8f8babf04adfb11602301223004e3b786bb779
  • c3a2a5b7d8e4bd8fb571a8104170d930647fa73babcfc414adcdef76fb1a57c4
  • 512735bb19571707ab484cdfdb2cba74f5a8fdd9e415a8ea8ccf5c1f326f9a4e
  • 94fbb9cc3af0d9ec25d415e35ec65491d6182e452265c854e125cfd94227a53d
  • a0dae9b551026295575dcf4b1f668069b8fe8119458e792e8293299a74e79436
  • 80f90b9e563e1cfe981a9faf24c9430198bb15916a2dc5e75d14227a8fab9cb6
  • 091d3bf2f0f6dc08b23151b5acd7cf53217d1ed2812e507d96dc467d9d3092d6
  • d792bc4896854d30b1ea4b2120ec39c4987b4d63802ee0775314f269f138e7f7
  • 21b8c5dabbe910a4c1ada58534e01580eb600a1ab0b8f105e5f8609bdc7f6c42
  • de101b0a881d69ab314e0863845e5f0e62c749eea87a704ecbb3bccb5c0bb1ac
  • c391b1e00a8fcc120605a6e0c4e26c5ec9624b8e194460d34ae0d26efd147847
  • 9a77a653ed5c2ec0f9c00019ef6a5cf6153335fcb636c5e56edc3ccd7ad12cd2
  • 94dc4138bfabf6a3e7cefffc5f5062fe0ac31384bae4ad78f27557ddb29f6eae
  • 1fc4819fcf2522622fd846bf4abcd03ae02adf41366b9911fe7bb30f2a4dc4b7
  • 05d9f4426ad77fcf73a357a4f5ca1d0cf9ceccf44117c1bc829afb79a2f8671b
  • 4967262d1b136bb77be89a2e15c732a9edcc0377b6aaa88a6abecf5a4f8b9215
  • 16e9cf18961ed32613c69d5d4c0f54eb0f051e40a431121bc8fe6de9b3f64b01
  • a7fbbb0393e36bc70b6eafb967a3b11a65c442090da1840364886b984784135c
  • 0bf92be9bb3989d78ce9f345df190a543eb984cc5479928399b4610d5d94c41f
  • dfa5785c13a739fb2fae72f405984eef89dc7bf3dd94137692e96826113d51e0
  • 315c2c6654cc4a29597ffc2c5694e38385e67b3f8b149960874a539836c5773d
  • dd8502622eaa4e3798f4848cfe81c06ed0dffd7cb0a62c7ab6c7124d5b07bb04
  • 30d21ea26917366654f606a8577b430cafe03654432cc97598fad30d16157e2c
  • 2355ee5283fe7171d5d74302eb7f4e371e2e76c52eb3f07ff3a954a854ae8e4e
  • 3466810f091a29be4380a634e3aa3f0bafef0b36041abf9ba90a72b4085433d3
  • 3cccbe2e524cb458ea48c108e36efabbf36c76cf30c80b64f52acf8b7b113de9
  • db0d90d825db484a146ebc43408c8e722b676616c32d84684bc94ddc8b92e893
  • 9fb1dc56a042e6eca786f3aaa7b21d148dfb8276f6cc2cdb867408b20117f547
  • 167359b715610003752cbc89b122a6df97e501304cb4a1ee94a6e75ebf51d6d6
  • db62ac71ac17a2f8e3d19b4f093ff1226d5de7fa323dd4564fb0dbb37ae8a364
  • cac499fe09d2640e376c6e6f45d5d287c75faf94d8ba26290016a815a8b4c5b4
  • 3731b729ffc4aaa42bacb56e0340e29d3b0cb5d14f287bc281ecb716eba0d8d1
  • b8ec6dca18acb873bf8bf55bc3614df0aaed333638d79fda075f03661d8a5662
  • 073bd7acf920d7c90fc130213a43b46e5e082e86e1506309c5818df1b4df2a97
  • https://download.themanualshelf.com/d/themanualshelf.exe
  • https://getallmanuals.com/GetAllManuals.exe
  • https://download.classic8ball.com/d/classic8ball.exe
  • https://download.anyproductmanual.com/anyproductmanual.exe
  • http://download.playthesolitaire.com/d/Solitare.exe
  • https://download.playclassicsnake.com/d/SnakeAxxack.exe
  • https://download.startplayingcrossword.com/Crossword.exe
  • https://getmanualviewer.com/getmanualviewer.exe
  • http://download.playthechess.com/d/MasterChess_oc.exe
  • https://download.justaskjacky.com/d/justaskjacky.exe
  • https://get.usermanualsonline.com/viewmanual.exe
  • https://download.playclassicsudoku.com/ClassicSudoku_oc.exe
  • https://download.allmanualsreader.com/AllManualsReader_oc.exe
  • https://download.gocookmate.com/d/gocookmate.exe
  • https://download.openmymanual.com/OpenMyManual.exe
  • https://rocketpdfpro.com/RocketPDFPro.exe
  • https://download.totalusermanuals.com/totalusermanuals.exe
  • https://speedypdfhub.com/SpeedyPDFHub.exe
  • https://download.playclassicminesweeper.com/ClassicMinesweeper.exe
  • https://download.quickmanualreader.com/d/quickmanualreader.exe
  • https://anyproductmanual.com/
  • http://effortlesspdf.com/EffortlessPDF.exe
  • https://download.sudokufunspot.com/sudokufunspot.exe
  • http://download.playthecheckers.com/d/Checkers.exe
  • http://download.playtheminesweeper.com/d/Minesweeper.exe
  • https://download.playclassicfallingblocks.com/d/FallingCubes.exe
  • https://download.manualreaderpro.com/d/manualreaderpro.exe
  • https://download.askbexxyhow.com/d/AskBexxyHow.exe
Download all indicators here!

Attack Patterns

  • TamperedChef

Additional Informations

  • Manufacturing
  • Health
  • Construction
  • api.sey3p6htm1ays1iy54.com
  • speedypdfhub.com
  • api.rxpfo7bgftr5gjq99u.com
  • download.askbexxyhow.com
  • api.cjby76nlcynrc4jvrb.com
  • api.d1iwuj0s7os571e3a4.com
  • api.opfktvbbb0d5pphzlc.com
  • download.allmanualsreader.com
  • download.playclassicminesweeper.com
  • download.playclassicfallingblocks.com
  • download.playclassicsnake.com
  • download.justaskjacky.com
  • download.playthecheckers.com
  • get.usermanualsonline.com
  • api.42a2hudcuvftqlmit2.com
  • api.7trellca1rt257t2wa.com
  • api.rmr6qd1zy9hyafyzk2.com
  • download.sudokufunspot.com
  • api.vgp4filwmg5ogq58xy.com
  • download.gocookmate.com
  • get.latest-manuals.com
  • api.1r2htpstv0jyv4gr3j.com
  • api.78kwijczjz0mcig0f0.com
  • rocketpdfpro.com
  • getallmanuals.com
  • api.slkzkcpz5xf8nplyb6.com
  • api.1f8tlqv4bfa75qaxl7.com
  • api.h06bwr0wg9iyy8ygl0.com
  • api.85etpt40zf7ht4yd1u.com
  • api.pyej17uw09d1bqlndg.com
  • api.phpjzo16ok6qvpvcrz.com
  • download.openmymanual.com
  • download.classic8ball.com
  • api.uode7wkkvojxsfpom0.com
  • api.kdtskq5kw4cwqvauxy.com
  • api.bftdtfky0i2gewg6ki.com
  • api.vtqgo0729ilnmyxs9q.com
  • getmanualviewer.com
  • anyproductmanual.com
  • download.startplayingcrossword.com
  • download.playthechess.com
  • api.mxpanel.com
  • api.ana43c4ajq1o10642i.com
  • download.quickmanualreader.com
  • download.totalusermanuals.com
  • download.playthesolitaire.com
  • api.mixpnl.com
  • effortlesspdf.com
  • api.zxg4jy1ssoynji24po.com
  • api.00isgy77i9fqrn9rmu.com
  • api.e8b7xa22r6pevc1lmu.com
  • download.manualreaderpro.com
  • download.playtheminesweeper.com
  • api.ka4f064txqusqf1ecb.com
  • download.playclassicsudoku.com
  • api.npfk87zidodfqsfqxd.com
  • api.meg7xqos0m7h9urhr0.com
  • download.themanualshelf.com
  • download.anyproductmanual.com
  • United States of America