Don’t Trust Signed Apps Blindly: How TamperedChef Malware Hides in Productivity Tools
Don’t Trust Signed Apps Blindly: How TamperedChef Malware Hides in Productivity Tools Most of us assume that if an app comes with a legitimate-looking digital signature it’s safe. After all, code signing is supposed to verify the software’s publisher and guarantee it hasn’t been tampered with. But a recent wave of attacks known as TamperedChef shows that assumption can be costly. Attackers are using stolen or forged digital certificates to sign malicious installers that look like everyday productivity apps—PDF editors, office suites, and project management tools. Once installed, the malware steals credentials, installs remote access trojans (RATs), and can give attackers full control over your device. Here’s what you need to know and how to protect yourself. ...