The TamperedChef campaign distributes trojanized productivity applications via malvertising, achieving at least 12,000 confirmed installations globally since 2023. No CVE is assigned; the threat vector is user-initiated installation of malicious software that abuses code-signing certificates from 81 distinct organizations and uses extended dormancy periods to evade time-bounded detection. Hash-based detection is explicitly insufficient.