The FBI has issued an alert over the rise of fake file converter tools online after observing a spate of scams and ransomware attacks.
According to the FBI Denver Field Office, cyber criminals are creating free online document converter tools to load malware onto victims’ computers, leading in some cases to identity theft or ransom demands.
Threat actors are exploiting a range of file converter or downloader tools, officials warned, including one website claiming to convert one type of file to another, such as a .doc file to a .pdf file.
The tool may also claim to combine files, such as joining multiple .jpg files into one .pdf file, or to be an MP3 or MP4 downloading tool.
These converters and downloading tools will do the job they claim, but leave the resulting file holding hidden malware that gives criminals access to the victim’s computer.
These tools can also scrape the submitted files for personal identifying information, such as social security numbers, dates of birth, phone numbers, banking information, cryptocurrency information such as seed phrases or wallet addresses, email addresses, and passwords.
"The best way to thwart these fraudsters is to educate people so they don’t fall victim to these fraudsters in the first place," said FBI Denver special agent in charge Mark Michalek.
"If you or someone you know has been affected by this scheme, we encourage you to make a report and take actions to protect your assets. Every day, we are working to hold these scammers accountable and provide victims with the resources they need."
How to spot fake file converter tools
Malwarebytes has identified some of these suspect file converters, which include Imageconvertors.com, convertitoremp3.it, convertisseurs-pdf.com and convertscloud.com.
There are several techniques used by the cyber criminals, according to Malwarebytes.
"They encourage you to download a tool on your device to do the conversion. This is the actual malware. You might be recommended to install a browser extension that you can use going forward. These extensions are often browser hijackers and adware," it said.
"In the most sophisticated scenario, the so-called converted file contains malware code that downloads and install an information stealer and everyone who opens it will get their device infected."
A suspect file converter tool is believed to have been behind the hack of major US local newspaper publisher Lee Enterprises last month, claimed by the Qilin ransomware operation.
The attack affected a number of the company's business operations, including product distribution, billing, collections, and vendor payments.
Lee Enterprises said it wasn't clear whether any sensitive data or personally identifiable information was compromised during the breach.
MORE FROM ITPRO
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
Hackers are using these malicious npm packages to target developers on Windows, macOS, and Linux systems – here’s how to stay safeNews Security experts have issued a warning to developers after ten malicious npm packages were found to deliver infostealer malware across Windows, Linux, and macOS systems.
-
Cisco ASA customers urged to take immediate action as NCSC, CISA issue critical vulnerability warningsNews Cisco customers are urged to upgrade and secure systems immediately
-
Hackers are disguising malware as ChatGPT, Microsoft Office, and Google Drive to dupe workersNews Beware of downloading applications like ChatGPT, Microsoft Office applications, and Google Drive through search engines
-
Cybersecurity experts issue urgent warning amid surge in Stealerium malware attacksNews Proofpoint said Stealerium has flown under the radar for some time now, but researchers have observed a huge spike in activity between May and August this year.
-
Hackers are using AI to dissect threat intelligence reports and ‘vibe code’ malwareNews TrendMicro has called for caution on how much detail is disclosed in security advisories
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malwareNews Researchers say the tool is already achieving the “gold standard” in malware classification
-
Malicious URLs overtake email attachments as the biggest malware threatNews With malware threats surging, research from Proofpoint highlights the increasing use of off-the-shelf 'phish kits' like CoGUI and Darcula
-
Warning issued as new Pakistan-based malware group hits millions globallyNews Tempting people in with offers of pirated software, the network installs commodity infostealers, according to CloudSEK
