VERY IMPORTANT

A malware distribution campaign leveraging digitally signed binaries, deceptive packaging, and browser hijackers has been uncovered. The campaign centers around two malicious applications, ImageLooker.exe and Calendaromatic.exe, delivered via self-extracting 7-Zip archives. These artifacts align with the TamperedChef malware campaign, which uses trojanized productivity tools for initial access and data exfiltration. The malware employs NeutralinoJS framework, Unicode homoglyphs, and multiple digital signers to bypass detection. The campaign exploits user behavior through SEO poisoning and malvertising, masquerading as legitimate software. This sophisticated approach highlights the evolving tactics of threat actors in weaponizing PUAs and abusing digital code signing to evade security measures.