
TamperedChef Malware Uses Fake Installers in Global Campaign

[Illustration: fake software installers with TamperedChef branding dropping a hidden JavaScript backdoor on a workstation, delivered through a scheduled task]

TamperedChef has shifted from a niche infostealer into a fully industrialized malware brand. Today, operators spread TamperedChef malware through fake software installers that pose as ordinary tools: PDF utilities, manual readers, games and other everyday applications. Threat actors lean on malvertising and search engine poisoning so victims land on attacker-controlled download sites when they search for things like “product manual” or “free PDF editor”. Once a victim runs the signed installer, the malware establishes persistence and launches an obfuscated JavaScript backdoor that grants remote access.

Names, nomenclature and the EvilAI ecosystem

Researchers originally used the TamperedChef name for an infostealer embedded inside a malicious recipe application linked to a broader campaign called EvilAI. Later, multiple vendors observed overlapping infrastructure and payloads in fake PDF editors and other utility tools, and they began to reuse the TamperedChef label for the family. At this point, Acronis and others explicitly call the family TamperedChef, even when other vendors track parts of the same toolset as BaoLoader. That consolidation helps threat intel teams correlate reports across EvilAI-themed malvertising, PDF-based lures and the current wave of fake installers.

Because of this naming drift, defenders should map TamperedChef, BaoLoader and EvilAI relationships carefully inside their own threat-intel platforms instead of treating each as an unrelated family.

Initial access: fake installers, malvertising and SEO poisoning

Attackers start by registering a cluster of themed domains that mimic legitimate download portals. They use names like “all manuals reader”, “manual reader pro” or “any product manual”, then create download subdomains that look normal at a glance. Telemetry and WHOIS data show that many TamperedChef-related download sites sit behind Namecheap registration with privacy protection, short one-year lifetimes and naming patterns that repeat across multiple fake brands, which makes the registrar, registration date and privacy-proxy fields useful pivots when hunting for sibling domains.

After they stand up the web layer, operators buy search ads and tune SEO so these domains appear in search results when users look for PDF tools, product manuals or simple productivity apps. Users who click those ads land on a well-crafted page that promotes a “free” tool, often with a polished UI and marketing copy that resembles legitimate software. Because the site looks professional and the download arrives quickly, many users never question the origin.

Execution chain: from signed app to JavaScript backdoor

When a victim runs a TamperedChef-linked installer, the experience looks almost identical to legitimate software. The program displays a license agreement, walks through a normal-looking installation flow and opens a “thank you” page or functional UI when it finishes. Meanwhile, the installer quietly drops an XML file, often named task.xml, into a temporary or installation directory and uses it to register a scheduled task. An XML task definition of this kind is exactly what schtasks.exe /Create /XML and the Task Scheduler API consume, so the registration step by itself looks like routine installer behaviour. The resulting task survives reboots and launches an obfuscated JavaScript payload on a recurring basis.

Once the JavaScript backdoor starts, it collects basic host information such as a session ID, machine ID and environment metadata. It then encrypts and Base64-encodes that profile as JSON and sends it over HTTPS to a command-and-control endpoint. Because this traffic uses HTTPS and small JSON bodies, it blends into normal web telemetry unless defenders explicitly watch for the C2 domains themselves, or for the regular, similarly sized beacons that a scheduled task firing on a fixed interval tends to produce.

Infrastructure and code-signing abuse

TamperedChef operators invest heavily in infrastructure hygiene. Domain patterns show clusters of download sites and early C2 endpoints with machine-like hostnames, followed by later-stage C2 that shifts to more human-readable names in an attempt to blend into normal logs. Security teams who examined this infrastructure highlight repeated reliance on Namecheap and privacy services that mask the true registrant, along with one-year registration windows that keep the fleet flexible.

In parallel, the group hides behind shell companies that obtain legitimate code-signing certificates. Public research connects the campaign to multiple marketing-style LLCs registered in U.S. states such as Delaware and Wyoming, all with generic “digital” or “media” branding. As investigators pressure certificate authorities and revocations hit, the operators quickly rotate to new shell entities and new certificates, then re-sign the same family of fake installers. That pattern keeps the binaries looking trustworthy even as defenders burn each previous identity. Revocation also does nothing for hosts that already ran an installer, so a revoked certificate is an indicator to hunt on, not a remediation.

Victimology and global reach

Telemetry from multiple vendors shows that TamperedChef infections cluster in the Americas, with a heavy concentration in the United States and additional victims across Europe and other regions. In earlier PDF-editor-focused activity, researchers highlighted significant impact on European organizations that allowed employees to download utilities freely. In the current wave, analysts see the highest hit rates in healthcare, construction and manufacturing. Those sectors rely on specialized equipment and documentation, so staff often search online for product manuals and utilities, which aligns perfectly with the campaign’s lures.

Because the fake applications deliver full or partial functionality, many victims continue to use them for day-to-day tasks, which extends dwell time and gives the JavaScript backdoor a long window to operate quietly in the background.

Financial motives and future payloads

Public reporting paints TamperedChef primarily as an info-stealing and access-enabling tool. Some samples engage in advertising fraud and traffic redirection. Others focus on harvesting browser data, credentials and cookies, which attackers can sell or reuse for account takeover and lateral movement. Researchers also assess that the operators likely monetize initial access by selling footholds to other threat actors, including ransomware crews or espionage-focused groups that want convenient entry into already profiled environments.

Because the backdoor gives generic remote control and the campaign shows industrial discipline, defenders should assume that TamperedChef represents only the first stage in a longer chain, not the full extent of the threat.

Defender actions: detect, deny, disrupt

From a detection perspective, defenders gain leverage when they treat malvertising and fake installers as part of their supply-chain exposure, not just user error. Teams can enrich web proxy and DNS logs with indicators from TamperedChef-related download and C2 domains, then monitor for outbound connections to those hostnames. Endpoint telemetry can flag installers that drop task.xml-style files and immediately register a scheduled task (for example through schtasks.exe /Create /XML) whose action runs Windows Script Host (wscript.exe or cscript.exe) or another script interpreter against a .js file, particularly one sitting in a user-writable location such as AppData or Temp rather than under Program Files.
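The following Python routine is an added example, not code from the article or from any vendor report. It implements the scheduled-task triage described above (and the persistence mechanism from the execution-chain section) over Task Scheduler XML definitions: it flags an action that runs a script engine against a script file, and adds confidence when the task is hidden, repeats, fires at logon or boot, or points into a user-writable directory. Both sample task definitions, the task names, the paths and the reason thresholds are constructed assumptions; the page does not show the real task.xml contents. Exported task definitions (schtasks /Query /XML, or the files under C:\Windows\System32\Tasks) use the same schema, so the function can be pointed at real data.

```python
"""Triage Task Scheduler XML definitions for script-host persistence.

Added example; not code from the article or from any vendor report.
The sample XML below is constructed to resemble the behaviour the article
describes (a hidden, repeating logon task that runs a .js file via
wscript.exe from a user-writable path). Task names, paths and thresholds
are assumptions.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Namespace every Task Scheduler XML definition declares on its root <Task>.
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Interpreters that run script payloads; wscript/cscript are how Windows runs .js.
SCRIPT_ENGINES = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "pwsh.exe"}
# A script file named anywhere on the action's command line.
SCRIPT_PAYLOAD = re.compile(r'\.(js|jse|vbs|vbe|wsf|hta|ps1)(?=["\s]|$)')
# Directories a non-admin installer can write to; vendor tasks rarely point here.
USER_WRITABLE = re.compile(r"\\(appdata|temp|tmp|programdata|users\\public)\\")


@dataclass
class TaskFinding:
    task_name: str
    command: str
    arguments: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Core pattern: a script engine launching a script file. The persistence
        # and location reasons only raise confidence.
        return {"script-engine", "script-payload"} <= set(self.reasons)


def _text(node, path):
    child = node.find(path, TASK_NS)
    return (child.text or "").strip() if child is not None else ""


def _basename(command):
    return command.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_task_xml(xml_doc, task_name="<unnamed>"):
    """Return one TaskFinding per <Exec> action, tagged with the reasons matched."""
    root = ET.fromstring(xml_doc)  # accepts str or bytes (UTF-16 exports as bytes)
    shared = []  # task-level reasons that apply to every action
    if root.find(".//t:Triggers/t:LogonTrigger", TASK_NS) is not None:
        shared.append("logon-trigger")
    if root.find(".//t:Triggers/t:BootTrigger", TASK_NS) is not None:
        shared.append("boot-trigger")
    if root.find(".//t:Repetition/t:Interval", TASK_NS) is not None:
        shared.append("repeating")
    if _text(root, "t:Settings/t:Hidden").lower() == "true":
        shared.append("hidden")

    findings = []
    for exec_node in root.findall(".//t:Actions/t:Exec", TASK_NS):
        command = _text(exec_node, "t:Command")
        arguments = _text(exec_node, "t:Arguments")
        reasons = list(shared)
        line = f"{command} {arguments}".lower()
        if _basename(command) in SCRIPT_ENGINES:
            reasons.append("script-engine")
        if SCRIPT_PAYLOAD.search(line):
            reasons.append("script-payload")
        if USER_WRITABLE.search(line):
            reasons.append("user-writable-path")
        findings.append(TaskFinding(task_name, command, arguments, reasons))
    return findings


# Constructed sample: what a dropped task.xml of the kind described might look like.
MALICIOUS_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <LogonTrigger>
      <Enabled>true</Enabled>
      <Repetition><Interval>PT10M</Interval></Repetition>
    </LogonTrigger>
  </Triggers>
  <Settings>
    <Hidden>true</Hidden>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\System32\wscript.exe</Command>
      <Arguments>//B //Nologo "C:\Users\alice\AppData\Local\ManualReaderPro\update.js"</Arguments>
    </Exec>
  </Actions>
</Task>"""

# Constructed benign counterpart: a vendor updater under Program Files on a daily schedule.
BENIGN_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <CalendarTrigger><ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay></CalendarTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>"C:\Program Files\ExampleVendor\updater.exe"</Command>
      <Arguments>/check</Arguments>
    </Exec>
  </Actions>
</Task>"""


if __name__ == "__main__":
    for name, doc in (("ManualReaderProUpdate", MALICIOUS_TASK_XML),
                      ("ExampleVendorUpdate", BENIGN_TASK_XML)):
        for f in triage_task_xml(doc, name):
            print("SUSPICIOUS" if f.suspicious else "ok", f.task_name, f.command, f.arguments, f.reasons)
```

The `suspicious` property deliberately requires both the script-engine and script-payload signals, so a vendor updater that happens to use a logon trigger is not flagged on persistence alone; the remaining reasons are there for analysts to rank hits. Run it against a directory of exported task definitions and review anything marked SUSPICIOUS, then pivot on the script path and the parent installer.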

At the same time, security teams should pressure-test application control policies. Organizations that allow any signed executable to run without scrutiny sit squarely in TamperedChef’s ideal victim profile, because this campaign ships with valid certificates and a signature check alone proves nothing. Instead, defenders can tighten policies to trust only software from pre-approved publisher identities, enforce application allowlists for high-value systems and use reputation services that react quickly when vendors flag abused certificates.

User-awareness programs also matter here. Staff need concrete guidance: never download tools for manuals or PDF editing from random search results, always rely on vetted internal software portals and always treat “free” utilities with skepticism, especially when they claim AI enhancements or advanced productivity features.
