AppSuite PDF Editor Used to Run Malicious Commands


A new malware campaign is targeting users looking for free PDF editing tools by distributing a fake application called “AppSuite PDF Editor.” Cybercriminals are using deceptive websites that resemble legitimate software download portals to spread the malware, which is packaged as a Microsoft Installer (MSI) file. 

Security researchers found that the installer, built with the WiX toolset, downloads the actual PDF editor from vault.appsuites.ai once users accept the license agreement. Although the app appears to offer genuine functionality, it hides a trojan with a sophisticated backdoor. 

The malware, built on the Electron framework, has seen over 28,000 download attempts in just one week. It uses command-line switches to control its behavior and registers infected systems with servers at appsuites.ai and sdk.appsuites.ai. It also creates scheduled tasks to maintain persistence. 

The most alarming feature is its ability to execute remote commands using templates retrieved from sdk.appsuites.ai. This allows attackers to tailor their actions based on the system’s configuration and defenses. 

Researchers noted similarities between this campaign and previous trojan networks like JustAskJacky. The attackers have even submitted their malware to antivirus vendors as false positives in an attempt to bypass detection. 
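For defenders who want to check whether any host has contacted the domains named above, the following is an added example and not code from the researchers or the original article. It scans web proxy logs for appsuites.ai and its subdomains; the log format, client addresses and sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit

# Domain named in the article; vault. and sdk. are matched as subdomains.
CAMPAIGN_DOMAINS = ("appsuites.ai",)

# Constructed sample lines (assumed format: time client method target status).
SAMPLE_LOG = """\
2025-01-10T09:14:02Z 10.0.4.17 GET https://vault.appsuites.ai/ 200
2025-01-10T09:14:40Z 10.0.4.17 CONNECT sdk.appsuites.ai:443 200
2025-01-10T09:15:03Z 10.0.4.22 GET https://notappsuites.ai/ 200
2025-01-10T09:15:09Z 10.0.4.22 GET https://appsuites.ai.example.com/x 200
2025-01-10T09:16:11Z 10.0.4.31 GET http://APPSUITES.AI./ 200
2025-01-10T09:17:00Z 10.0.4.40 GET https://example.org/?ref=sdk.appsuites.ai 200
"""

def extract_host(target):
    """Return the lowercase hostname from a URL or a CONNECT host:port target."""
    if "://" not in target:
        target = "//" + target  # lets urlsplit parse a bare host:port
    host = urlsplit(target).hostname or ""
    return host.rstrip(".")  # drop the trailing dot of a fully qualified name

def is_campaign_host(host):
    """Match on a DNS label boundary so look-alike names do not hit."""
    return any(host == d or host.endswith("." + d) for d in CAMPAIGN_DOMAINS)

def find_hits(log_text):
    """Return (client, host) for each request to a campaign domain."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines
        client, target = fields[1], fields[3]
        host = extract_host(target)
        if is_campaign_host(host):
            hits.append((client, host))
    return hits

def affected_clients(log_text):
    """Unique clients that contacted a campaign domain, sorted for triage."""
    return sorted({client for client, _ in find_hits(log_text)})

if __name__ == "__main__":
    for client, host in find_hits(SAMPLE_LOG):
        print(client, host)
```

Matching on the parsed hostname rather than a substring keeps look-alike domains and query-string mentions from generating false hits.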
