The FBI has issued an alert over the rise of fake file converter tools online after observing a spate of scams and ransomware attacks.
According to the FBI Denver Field Office, cyber criminals are creating free online document converter tools to load malware onto victims’ computers, leading in some cases to identity theft or ransom demands.
Threat actors are exploiting a range of file converter or downloader tools, officials warned, including one website claiming to convert one type of file to another, such as a .doc file to a .pdf file.
The tool may also claim to combine files, such as joining multiple .jpg files into one .pdf file, or to be an MP3 or MP4 downloading tool.
These converters and downloading tools will do the job they claim, but leave the resulting file holding hidden malware that gives criminals access to the victim’s computer.
These tools can also scrape the submitted files for personal identifying information, such as social security numbers, dates of birth, phone numbers, banking information, cryptocurrency information such as seed phrases or wallet addresses, email addresses, and passwords.
"The best way to thwart these fraudsters is to educate people so they don’t fall victim to these fraudsters in the first place," said FBI Denver special agent in charge Mark Michalek.
"If you or someone you know has been affected by this scheme, we encourage you to make a report and take actions to protect your assets. Every day, we are working to hold these scammers accountable and provide victims with the resources they need."
How to spot fake file converter tools
Malwarebytes has identified some of these suspect file converters, which include Imageconvertors.com, convertitoremp3.it, convertisseurs-pdf.com and convertscloud.com.
There are several techniques used by the cyber criminals, according to Malwarebytes.
"They encourage you to download a tool on your device to do the conversion. This is the actual malware. You might be recommended to install a browser extension that you can use going forward. These extensions are often browser hijackers and adware," it said.
"In the most sophisticated scenario, the so-called converted file contains malware code that downloads and install an information stealer and everyone who opens it will get their device infected."
A suspect file converter tool is believed to have been behind the hack of major US local newspaper publisher Lee Enterprises last month, claimed by the Qilin ransomware operation.
The attack affected a number of the company's business operations, including product distribution, billing, collections, and vendor payments.
Lee Enterprises said it wasn't clear whether any sensitive data or personally identifiable information was compromised during the breach.
MORE FROM ITPRO
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackers
News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Seized database helps Europol snare botnet customers in ‘Operation Endgame’ follow-up stingNews Europol has detained several people believed to be involved in a botnet operation as part of a follow-up to a major takedown last year.
-
This potent malware variant can hijack your Windows PC, steal passwords, and more: Neptune RAT is spreading on GitHub, Telegram, and even YouTube – and experts warn 'anyone could use it to launch attacks'News Neptune RAT can hijack Windows PCs and steal passwords – and it's spreading fast
-
Warning issued over ‘fast flux’ techniques used to obscure malicious signals on compromised networksNews Cybersecurity agencies have issued a stark message that too little is being done to sniff out malware hiding in corporate networks
-
Forget MFA fatigue, attackers are exploiting ‘click tolerance’ to trick users into infecting themselves with malwareNews Threat actors are exploiting users’ familiarity with verification tests to trick them into loading malware onto their systems, new research has warned.
-
A ‘significant increase’ in infostealer malware attacks left 3.9 billion credentials exposed to cyber criminals last year – and experts worry this is a ticking time bomb for enterprisesNews The threat of infostealer malware is on the rise, with 4.3 million machines infected last year alone
-
Why ‘malware as a service’ is becoming a serious problemNews Researchers have issued a warning over the rise of 'malware as a service' platforms amid a surge in attacks over the last year.
-
There’s a new ransomware player on the scene: the ‘BlackLock’ group has become one of the most prolific operators in the cyber crime industry – and researchers warn it’s only going to get worse for potential victimsNews Security experts have warned the BlackLock group could become the most active ransomware operator in 2025
