Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication

Brownie2019

A sophisticated backdoor in AppSuite PDF Editor that enables threat actors to execute arbitrary commands on compromised Windows systems.
Initially flagged as a potentially unwanted program due to its aggressive installation behavior, AppSuite’s true nature was revealed when its malicious components were deobfuscated and analyzed.
Threat actors exploited high-ranking PDF tool websites to distribute a deceptive MSI installer under the guise of a legitimate productivity application.
These sites, reminiscent of earlier trojan horse campaigns like JustAskJacky, direct victims to download a WiX-built MSI package.
Read more: