Cegeka_Logo Careers Language Solutions
Back
Solutions
Hybrid Cloud

Hybrid Cloud

Explore the added value of cloud adoption for your business.

 Data solution

Data & AI

Discover our different data solutions to help you become a data-driven company.

 RegulatoryCompliance_Visuals_Navigation (1)

Regulatory Compliance

Ensure GDPR & GxP compliance with our comprehensive solutions.

 Cyber Security & Networking Solution

Cyber Security & Networking

With cyber resilience, your organisation becomes a bit more secure with each day.

 Digital Workplace Solution

Digital Workplace

Hybrid workplaces that increases productivity and reduces costs.

 Testing_Visuals_IconNavigation (1)

Quality Engineering

Ensuring seamless software, one Test at a time.

 Cegeka Application Services

Cegeka Application Services

Building the applications to embed growth, innovation and agility.

 Business Applications

Business Applications

Transform your business with Microsoft Dynamics ERP and CRM, integrated with Microsoft’s Power Platform.

 5G_Citymesh

5G & Mobile Private Networks

Expertise and development experience to bring all the advantages of 5G.

 Products and platform solutions

Products & Platforms

Software solutions that optimize business processes and drive success.

 Services
Back
Services
Website_Navigation_IT_Team_Extension_3

IT Team Extension

The best IT professionals to support your projects.

 Outsourcing Services

Outsourcing & Managed Services

Outsourcing your IT helps you to focus on your strategy.

 Website_Navigation_Consultancy

Consultancy

The right skills and attitude to support the IT projects at your office

 Website_Navigation_Projects

Projects

Integrating the right digital solutions for your IT project

 Industries
Back
Industries

Our industry-tailored services are designed to address specific challenges and opportunities across different industries.

All industries Website_Navigation_Agriculture

Agriculture

Cegeka has a deep understanding of the agri and food ecosystem and the opportunities it creates.

food-80-80

Food

Streamline operations, ensure traceability and maintain compliance.

 Energy & Utilities

Energy & Utilities

The arrival of smart electricity grids will allow companies to take care of their own energy management

 pharma-icon-80-80

Pharma & Life Sciences

Face the increasingly complex challenges in Pharma & life sciences with confidence.

 Manufacturing

Manufacturing

Production chains are becoming intelligent networks with real-time track-and-trace systems.

 Website_Navigation_Mobility

Mobility

Offer citizens, businesses and visitors a better experience by integrating the best digital solutions for mobility.

 Insights
Back
Knowledge is our backbone

We believe in sharing our insights and expertise with you. Explore our resources and learn more about our products, services and industry trends.

 Icons_Navigation_Case Studies

Case Studies

Step into the world of our delighted customers and see how we helped them achieve their goals.

 Icons_Navigation_News Items

Corporate News

Stay in the loop with our company news, announcements, awards and events.

 Icons_Navigation_Blogs

Blogs

Read our latest articles on topics ranging from technology, innovation, business and beyond.

 Icons_Navigation_Webinars

Webinars

Be part of the action with our live or on-demand webinars, where our experts share invaluable knowledge.

 Icons_Navigation_Ebooks

E-books & Whitepapers

Download our guides and reports on various aspects of technology and business.

 Icons_Navigation_Events

Events

Find out where we are going to be next, and register for our upcoming events.

 CTG Academy

Academy

Enhance your skills with our expert-led training courses, tutorials, and certifications at our Academy.

Join our Academy About us Back
shaping digital together

We work shoulder to shoulder with our clients to ensure technology drives impact when and where it matters most.

Start the journey with us Icons_Navigation_Why Cegeka

Why Cegeka

Discover why more than 2,500 clients around the world choose to work with us, and stay with us.

Icons_Navigation_Cegeka&Society

Cegeka & Society

We develop innovative solutions with a positive impact on the environment, people, and society.

 Icons_Navigation_Our Story

The Cegeka Story

In just over 30 years, Cegeka has grown from 30 people to a global company with 9,000 employees across 3 continents.

 Icons_Navigation_Annual Report

Annual Report

See how our work makes a difference, explore the full annual report to learn more.

More Cegeka

Our Management

Corporate News

Contact & Locations

 Back
Select language

Austria

Belgium

Belgium

Denmark

Germany

Italy

Romania

Sweden

The Netherlands

United Kingdom

United States

 Let’s get in touch Cegeka_Logo Solutions
Solutions
Hybrid Cloud

Hybrid Cloud

Explore the added value of cloud adoption for your business.

 Data solution

Data & AI

Discover our different data solutions to help you become a data-driven company.

 RegulatoryCompliance_Visuals_Navigation (1)

Regulatory Compliance

Ensure GDPR & GxP compliance with our comprehensive solutions.

 Cyber Security & Networking Solution

Cyber Security & Networking

With cyber resilience, your organisation becomes a bit more secure with each day.

 Digital Workplace Solution

Digital Workplace

Hybrid workplaces that increases productivity and reduces costs.

 Testing_Visuals_IconNavigation (1)

Quality Engineering

Ensuring seamless software, one Test at a time.

 Cegeka Application Services

Cegeka Application Services

Building the applications to embed growth, innovation and agility.

 Business Applications

Business Applications

Transform your business with Microsoft Dynamics ERP and CRM, integrated with Microsoft’s Power Platform.

 5G_Citymesh

5G & Mobile Private Networks

Expertise and development experience to bring all the advantages of 5G.

 Products and platform solutions

Products & Platforms

Software solutions that optimize business processes and drive success.

 Services
Services
Website_Navigation_IT_Team_Extension_3

IT Team Extension

The best IT professionals to support your projects.

 Outsourcing Services

Outsourcing & Managed Services

Outsourcing your IT helps you to focus on your strategy.

 Website_Navigation_Consultancy

Consultancy

The right skills and attitude to support the IT projects at your office

 Website_Navigation_Projects

Projects

Integrating the right digital solutions for your IT project

 Industries
Industries

Our industry-tailored services are designed to address specific challenges and opportunities across different industries.

All industries Website_Navigation_Agriculture

Agriculture

Cegeka has a deep understanding of the agri and food ecosystem and the opportunities it creates.

food-80-80

Food

Streamline operations, ensure traceability and maintain compliance.

 Energy & Utilities

Energy & Utilities

The arrival of smart electricity grids will allow companies to take care of their own energy management

 pharma-icon-80-80

Pharma & Life Sciences

Face the increasingly complex challenges in Pharma & life sciences with confidence.

 Manufacturing

Manufacturing

Production chains are becoming intelligent networks with real-time track-and-trace systems.

 Website_Navigation_Mobility

Mobility

Offer citizens, businesses and visitors a better experience by integrating the best digital solutions for mobility.

 Insights
Knowledge is our backbone

We believe in sharing our insights and expertise with you. Explore our resources and learn more about our products, services and industry trends.

 Icons_Navigation_Case Studies

Case Studies

Step into the world of our delighted customers and see how we helped them achieve their goals.

 Icons_Navigation_News Items

Corporate News

Stay in the loop with our company news, announcements, awards and events.

 Icons_Navigation_Blogs

Blogs

Read our latest articles on topics ranging from technology, innovation, business and beyond.

 Icons_Navigation_Webinars

Webinars

Be part of the action with our live or on-demand webinars, where our experts share invaluable knowledge.

 Icons_Navigation_Ebooks

E-books & Whitepapers

Download our guides and reports on various aspects of technology and business.

 Icons_Navigation_Events

Events

Find out where we are going to be next, and register for our upcoming events.

 CTG Academy

Academy

Enhance your skills with our expert-led training courses, tutorials, and certifications at our Academy.

Join our Academy About us
shaping digital together

We work shoulder to shoulder with our clients to ensure technology drives impact when and where it matters most.

Start the journey with us Icons_Navigation_Why Cegeka

Why Cegeka

Discover why more than 2,500 clients around the world choose to work with us, and stay with us.

Icons_Navigation_Cegeka&Society

Cegeka & Society

We develop innovative solutions with a positive impact on the environment, people, and society.

 Icons_Navigation_Our Story

The Cegeka Story

In just over 30 years, Cegeka has grown from 30 people to a global company with 9,000 employees across 3 continents.

 Icons_Navigation_Annual Report

Annual Report

See how our work makes a difference, explore the full annual report to learn more.

More Cegeka

Our Management

Corporate News

Contact & Locations

 Austria   Austria DE Belgium   Belgium NL Belgium   Belgium FR Denmark   Denmark EN Germany   Germany DE Italy   Italy IT Romania   Romania EN Sweden   Sweden EN The Netherlands   The Netherlands NL United Kingdom   United Kingdom EN United States   United States EN Careers Let’s get in touch
Home Discover our latest blogs Discover our latest blogs Trojanized PDF Editor application spread through malvertising
Cyber security & Networking
2 minutes reading

Trojanized PDF Editor application spread through malvertising

The CSIRT (Computer Security Incident Response Team) of Cegeka Modern SOC recently observed a campaign that leverages malicious advertisements to lure users into downloading trojanized software that appears as a ‘PDF Editing’ utility. The binary creates persistence mechanisms such as registry keys and scheduled tasks, enumerates processes, retrieves information saved in browsers and modifies settings such as the default ‘search engine’ of browsers. Finally, it downloads and executes an additional binary named ‘ManualFinderApp.exe’. It has been observed that, as of 26th of August 2025, the Endpoint Detection and Response tools that Cegeka Modern SOC uses, prevent some of the observed activity. In addition to that, inherent features of Windows such as Microsoft Defender for Antivirus and Microsoft Defender SmartScreen prevent the users from accessing some of the reported malicious URLs and malicious files. Cegeka CSIRT is currently performing a targeted threat hunt related to this campaign and will update the current post with any new findings.

This blog, authored by Cristina Aldea and Christos Katopis from Cegeka CSIRT, provides both an overview and a detailed threat analysis report on the observed activity.

Cristina Aldea

Cristina Aldea

August 29, 2025

Threat Overview

Recently, Cegeka CSIRT investigated multiple incidents involving binaries with the file names ‘ManualFinderApp.exe’ and ‘PDF Editor.exe’. Cegeka CSIRT observed that the incidents started with the download of the malicious .msi package ‘AppSuite-PDF.msi’. The package installs the ‘PDF Editor’ application. The .msi package is hosted on several websites that leverage advertisements to increase their reach. Cegeka CSIRT observed existence of the aforementioned package on several hosts, indicating a broader distribution campaign rather than isolated cases.

During the investigation, Cegeka CSIRT noticed that the .msi package was downloaded from several websites (such as ‘pdfadmin[.]com’, pdfmeta[.]com’, ’pdftraining[.]com’, ‘fullpdf[.]com’ and others). All of the referenced domains share a nearly identical design and were found to distribute similar builds of the ‘AppSuite-PDF.msi’ package.

Analysis of the available telemetry from the affected hosts revealed a consistent sequence of events that lead to the download of ‘AppSuite-PDF.msi’:

  • Initial activity starts with users browsing the web and accessing websites that contain ads or redirects;
  • Alongside the ad-related web activity, Cegeka CSIRT also observed connections to ‘PDF-themed’ websites hosting the malicious .msi package;
  • The .msi package was downloaded from the ‘PDF-themed’ website and was then launched.

This pattern suggests that the threat actor(s) may be leveraging malvertising to promote the application, increasing its visibility and reach across different victims.

Once the download is initiated, the websites showcase execution instructions to the user, instructing the user to run the .msi file. The infection occurs only if there is direct user interaction with the .msi file, meaning the user manually launches the downloaded ’.msi’ file, which then installs the malicious payload on the host.

The diagram below shows a high-level overview of the infection chain.

PDF Editor - FinalRecommendations

Cegeka CSIRT encourages organizations to:

  • Investigate across their environment whether they observe activity involving the indicators of compromise (IoC) that are provided in our Threat Analysis report.
  • Block the indicators of compromise (IoC) in every applicable solution (firewalls, NIDS/NIPS, HIDS/HIPS, EDR/xDR etc.).
  • Use Endpoint Detection and Response (EDR) tools to continuously monitor endpoint activity, detect threats and promptly respond with containment and eradication actions in case of detections.
  • Encourage browser hygiene by avoiding the storage of sensitive information (credentials, credit card data or personal information) in the browser.
  • Consider enforcing security controls and policies that allow only business-approved applications to be installed or executed on corporate devices.
  • Establish an internal Security Operation Center (SOC) / Cybersecurity Incident Response Team (CSIRT) or partner with a Managed Security Services Provider to ensure continuous threat detection and prompt incident response.

Threat Analysis Report

Please find the full Cegeka CSIRT threat analysis report which includes the observed indicators of compromise here:

Trojanized PDF Editor report banner HubSpot CTA 1920x540px (1)

Cegeka Modern SOC

Our Cegeka Modern SOC, staffed with experienced security professionals, is able to detect these types of attacks and adequately respond to them in a timely manner, minimizing or even fully preventing impact on your organization.
Cristina Aldea

Cristina Aldea

More of Cristina Aldea articles

Contact us

Fill in the form.