
NCERT Warns of Dangerous Fake PDF App Infecting Computers Worldwide


 Oct 6, 2025 | 12:10 pm

The National Computer Emergency Response Team (NCERT) has issued a high-priority cybersecurity warning for both public and private sector organizations over a malicious fake PDF editing app spreading rapidly online.


According to NCERT, cybercriminals have been circulating a trojanized version of “AppSuite PDF Editor” since August 21, 2025, which secretly installs malware named “TamperedChef.”

This deceptive program appears to function like a normal PDF editor but hides dangerous code capable of stealing sensitive data, installing ransomware, and giving hackers remote access to infected systems.


How the Malware Spreads

NCERT revealed that the attackers are using phishing emails, fake software download sites, and malicious ads to trick users into downloading the infected installer.

Once installed, the malware can:

  • Steal login credentials, cookies, and important files

  • Alter Windows registry settings to stay active

  • Connect to hacker-controlled servers for further attacks


The malware mainly targets Windows systems, especially those that are outdated or lack strong antivirus and endpoint protection tools.


High Risk to Government and Corporate Networks

NCERT warned that “TamperedChef” poses a serious threat to enterprise and government infrastructure because it can act as an entry point for advanced cyberattacks, including data theft and ransomware operations.

Compromised systems may experience:

  • Unauthorized modification of PDF files

  • Loss of confidential data

  • Disruptions caused by ransomware infections

Some of the malicious domains linked to this campaign include editor-update[.]com and pdfsuite-sync[.]net, identified as command-and-control (C2) servers used to manage infected systems.


How to Check if You’re Infected

According to NCERT, signs of infection may include:

  • Unexplained changes in PDF documents

  • Browser crashes or slow performance

  • Strange network activity or encrypted data transfers

Organizations are advised to monitor for suspicious files in AppData directories and network connections to 185.92.223[.]14 or 103.89.77[.]6.
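As an added example (not part of the NCERT advisory or the original article), the sketch below shows one way to sweep DNS, proxy or firewall logs for the domains and IP addresses named above. The log line format and the function names are assumptions made for illustration, and the sample lines are constructed, not real telemetry.

```python
import ipaddress
import re

# IOCs exactly as published in the article above (defanged form).
DEFANGED_DOMAINS = ["editor-update[.]com", "pdfsuite-sync[.]net"]
DEFANGED_IPS = ["185.92.223[.]14", "103.89.77[.]6"]

def refang(value):
    """Turn a defanged indicator such as 'a[.]b' back into 'a.b'."""
    return value.replace("[.]", ".").lower()

DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}
IPS = {ipaddress.ip_address(refang(i)) for i in DEFANGED_IPS}
# Candidate tokens: anything shaped like an IPv4 address or a host name.
TOKEN_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*\.[A-Za-z0-9-]+")

def match_iocs(line):
    """Return the sorted list of IOCs referenced by one log line."""
    hits = set()
    for token in TOKEN_RE.findall(line):
        token = token.rstrip(".").lower()
        try:
            # Compare parsed addresses so 185.92.223.140 is not a false hit.
            if ipaddress.ip_address(token) in IPS:
                hits.add(token)
            continue
        except ValueError:
            pass  # not an IP address, treat it as a host name
        for domain in DOMAINS:
            # Match the domain itself or any subdomain, never a look-alike suffix.
            if token == domain or token.endswith("." + domain):
                hits.add(domain)
    return sorted(hits)

def scan(lines):
    """Return [(line_number, iocs)] for every line with at least one hit."""
    results = ((n, match_iocs(text)) for n, text in enumerate(lines, start=1))
    return [(n, iocs) for n, iocs in results if iocs]

# Constructed sample log lines (hypothetical format, not real telemetry).
SAMPLE_LOG = [
    "2025-10-06T09:14:02 ws-114 dns query cdn.editor-update.com A",
    "2025-10-06T09:14:05 ws-114 tcp 10.0.4.17:50211 -> 185.92.223.14:443 allow",
    "2025-10-06T09:15:11 ws-201 tcp 10.0.4.33:50990 -> 185.92.223.140:443 allow",
    "2025-10-06T09:16:40 ws-201 dns query noteditor-update.com A",
    "2025-10-06T09:17:02 ws-309 http GET http://PDFSuite-Sync.net/check",
]

if __name__ == "__main__":
    for number, iocs in scan(SAMPLE_LOG):
        print(number, iocs)
```

Matching parsed addresses and dot-bounded host names, rather than plain substrings, keeps look-alike values such as the third and fourth sample lines from raising false alerts.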


NCERT’s Security Recommendations

To stay protected, NCERT advises all users and IT teams to:

  • Block identified IOCs at firewalls and intrusion systems

  • Restrict app installations using AppLocker or Group Policy

  • Apply all latest security patches

  • Enable multi-factor authentication (MFA)

  • Conduct phishing awareness training for staff

  • Use updated antivirus or EDR solutions


NCERT also urged organizations to isolate infected systems immediately, reset compromised credentials, and share indicators of compromise with trusted cybersecurity networks.


Final Warning

The agency emphasized that the TamperedChef malware campaign is active and spreading fast. Early detection and swift action are crucial to preventing large-scale data breaches and ransomware incidents linked to this threat.

Stay cautious — avoid downloading PDF editors or similar tools from unofficial sources, and always verify authenticity before installation.
