The CCB warns organisations about an ongoing malicious campaign that delivers trojanized applications disguised as PDF editors or product manuals. Once installed, this malware can steal credentials and turn compromised Windows devices into proxies. Several incidents have already been reported.
The CCB is treating this campaign as high risk. Our teams are actively reaching out to Belgian companies and individuals who may be affected by this threat. The CCB strongly recommends taking immediate preventive measures.
Who is at risk?
Organisations and individuals that download software through online advertisements or unfamiliar links are affected. Specifically:
- Users searching for PDF editors or product manuals online
- Organisations allowing employees to install software without strict controls
- Any Windows environment where users can execute downloaded applications
What should you do?
If your organisation or employees may have installed one of these trojanized applications, we strongly advise you to:
- Avoid downloading or installing applications via online advertisements or unverified websites.
- Verify whether the following applications are present in your environment: AppSuite-PDF, PDFEditor, or ManualFinder.
- Check systems for signs of compromise. Look for unusual processes, credential theft activity, or devices being misused as proxies.
- Report any suspected incidents immediately to the CCB.
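One way to carry out the presence check above on a single Windows host, as an added example that is not CCB-provided tooling: it matches the three application names from this advisory against installed-software entries and running processes. The loose name matching and the choice of the standard Windows uninstall registry locations are assumptions of this example; the advisory itself gives no file paths or hashes.

```powershell
# Application names taken from the advisory; everything else is an assumption of this example.
$Names = 'AppSuite-PDF', 'PDFEditor', 'ManualFinder'

# Compare on letters and digits only, so "AppSuite PDF" or "Manual Finder" also match.
function Get-NormalizedName([string]$Text) {
    ($Text -replace '[^A-Za-z0-9]', '').ToLowerInvariant()
}
$Needles = $Names | ForEach-Object { Get-NormalizedName $_ }

function Test-SuspectName([string]$Text) {
    if ([string]::IsNullOrWhiteSpace($Text)) { return $false }
    $normalized = Get-NormalizedName $Text
    foreach ($needle in $Needles) {
        if ($normalized.Contains($needle)) { return $true }
    }
    return $false
}

# Standard Windows uninstall locations: machine-wide (64-bit and 32-bit) and current user.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { Test-SuspectName $_.DisplayName } |
    ForEach-Object {
        [pscustomobject]@{ Source = 'Installed'; Name = $_.DisplayName
                           Detail = $_.InstallLocation; Computer = $env:COMPUTERNAME }
    }

# Process paths may be empty when the script runs without administrative rights.
$running = Get-Process -ErrorAction SilentlyContinue |
    Where-Object { Test-SuspectName $_.ProcessName } |
    ForEach-Object {
        [pscustomobject]@{ Source = 'Process'; Name = $_.ProcessName
                           Detail = $_.Path; Computer = $env:COMPUTERNAME }
    }

$hits = @($installed) + @($running)
if ($hits.Count -eq 0) {
    Write-Output "No matching application names found on $env:COMPUTERNAME."
} else {
    $hits | Sort-Object Source, Name | Format-Table -AutoSize
}
```

A hit is a lead for triage rather than confirmation of compromise, since legitimate PDF editors can match the loose `PDFEditor` pattern. The `HKCU` key covers only the account running the script, so per-user installs under other profiles need a separate pass.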
More information
For further details on this campaign, consult the following resources:
Follow the updates on the CCB website: https://ccb.belgium.be/advisories/warning-trojanized-infostealer-campaign-appsuite-pdf-editormanual-finder-immediate
Report an incident
Report any incidents to the CCB via our official incident reporting form.
The CCB is committed to protecting Belgian organisations from cyber threats. We will continue to closely monitor this campaign, provide updates as needed, and contact potential victims.