Threat actors are distributing a fraudulent PDF editing application named AppSuite PDF Editor, which delivers the TamperedChef info-stealer malware. This campaign, supported by Google ads and utilizing fraudulent certificates, has been orchestrated to maximize downloads before activating the malicious components that collect sensitive data and turn systems into residential proxies. Researchers warn that the operation involves multiple apps, some potentially yet to be weaponized, posing ongoing risks to users.