In recent months, there’s been a sharp rise in security alerts linked to malicious PDF editors and converters.
You may recall the Cyber Team’s earlier blog on Lumma InfoStealer – a fake captcha that secretly installed malware to steal personal documents, saved browser passwords, and other sensitive data. The latest variation of this threat is now spreading through fake PDF editors promoted via Google ads.
These fraudulent apps, such as AppSuite PDF Editor or PDFEditor, appear legitimate but instead deliver a new information stealer called TamperedChef. Once installed, the software displays a standard licence agreement while quietly installing malware in the background. This malware is designed to harvest credentials, web cookies, and other sensitive data, while also modifying the Windows Registry to ensure it runs every time the computer reboots.
Information Services has already blocked known malicious sites and is scanning devices to remove any infected software.
As a reminder, software should only be downloaded from reputable sources. Non-reputable sites often bundle software: you think you are getting just a converter, but when you click “Install”, the installer also adds extra programs in the background, including browser toolbars, crypto miners, or adware.
You may have noticed you do not have admin rights to install software on your University device. This restriction is in place to prevent malicious or rogue software from compromising the University network and resources.
How to stay safe:
- Only download software from reputable sources. Many unofficial sites bundle unwanted extras (such as adware, crypto miners, or toolbars) alongside the program you intended to install.
- Remember: you do not have admin rights on your University device. This restriction is deliberate as it helps prevent rogue software from compromising both your data and the wider University network.
Approved sources and how to request software
If you need to install software or applications:
- Only use software from approved sources such as Company Portal or AppsAnywhere.
- If you need something new, ask IS, as there may already be a secure, supported option.
- If it’s not available, submit a request via UniDesk. IS will review the request, check for security risks, and if safe, make it available for everyone.
If you think you have downloaded PDF Editor or AppSuite PDF Editor, please get in touch by emailing information.centre@stir.ac.uk and we will look into this for you.