Fake Productivity Apps with Real Signatures: How Malware Is Hiding in Plain Sight
Fake Productivity Apps with Real Signatures: How Malware Is Hiding in Plain Sight Most people assume that if a piece of software carries a valid digital signature, it’s safe. That assumption is exactly what attackers behind the “TamperedChef” campaign are exploiting. They are taking productivity apps—things like document editors, note‑taking tools, and file converters—signing them with legitimate code‑signing certificates, and then distributing them through unofficial download sites. Once installed, these apps deliver password stealers and remote access trojans (RATs) without raising obvious red flags. ...