The FBI has issued an alert over the rise of fake file converter tools online after observing a spate of scams and ransomware attacks.
According to the FBI Denver Field Office, cyber criminals are creating free online document converter tools to load malware onto victims’ computers, leading in some cases to identity theft or ransom demands.
Threat actors are exploiting a range of file converter or downloader tools, officials warned, including one website claiming to convert one type of file to another, such as a .doc file to a .pdf file.
The tool may also claim to combine files, such as joining multiple .jpg files into one .pdf file, or to be an MP3 or MP4 downloading tool.
These converters and downloading tools will do the job they claim, but leave the resulting file holding hidden malware that gives criminals access to the victim’s computer.
These tools can also scrape the submitted files for personal identifying information, such as social security numbers, dates of birth, phone numbers, banking information, cryptocurrency information such as seed phrases or wallet addresses, email addresses, and passwords.
"The best way to thwart these fraudsters is to educate people so they don’t fall victim to these fraudsters in the first place," said FBI Denver special agent in charge Mark Michalek.
"If you or someone you know has been affected by this scheme, we encourage you to make a report and take actions to protect your assets. Every day, we are working to hold these scammers accountable and provide victims with the resources they need."
How to spot fake file converter tools
Malwarebytes has identified some of these suspect file converters, which include Imageconvertors.com, convertitoremp3.it, convertisseurs-pdf.com and convertscloud.com.
There are several techniques used by the cyber criminals, according to Malwarebytes.
"They encourage you to download a tool on your device to do the conversion. This is the actual malware. You might be recommended to install a browser extension that you can use going forward. These extensions are often browser hijackers and adware," it said.
"In the most sophisticated scenario, the so-called converted file contains malware code that downloads and install an information stealer and everyone who opens it will get their device infected."
A suspect file converter tool is believed to have been behind the hack of major US local newspaper publisher Lee Enterprises last month, claimed by the Qilin ransomware operation.
The attack affected a number of the company's business operations, including product distribution, billing, collections, and vendor payments.
Lee Enterprises said it wasn't clear whether any sensitive data or personally identifiable information was compromised during the breach.
MORE FROM ITPRO
