The FBI has issued an alert over the rise of fake file converter tools online after observing a spate of scams and ransomware attacks.
According to the FBI Denver Field Office, cyber criminals are creating free online document converter tools to load malware onto victims’ computers, leading in some cases to identity theft or ransom demands.
Threat actors are exploiting a range of file converter or downloader tools, officials warned, including one website claiming to convert one type of file to another, such as a .doc file to a .pdf file.
The tool may also claim to combine files, such as joining multiple .jpg files into one .pdf file, or to be an MP3 or MP4 downloading tool.
These converters and downloading tools will do the job they claim, but leave the resulting file holding hidden malware that gives criminals access to the victim’s computer.
These tools can also scrape the submitted files for personal identifying information, such as social security numbers, dates of birth, phone numbers, banking information, cryptocurrency information such as seed phrases or wallet addresses, email addresses, and passwords.
"The best way to thwart these fraudsters is to educate people so they don’t fall victim to these fraudsters in the first place," said FBI Denver special agent in charge Mark Michalek.
"If you or someone you know has been affected by this scheme, we encourage you to make a report and take actions to protect your assets. Every day, we are working to hold these scammers accountable and provide victims with the resources they need."
How to spot fake file converter tools
Malwarebytes has identified some of these suspect file converters, which include Imageconvertors.com, convertitoremp3.it, convertisseurs-pdf.com and convertscloud.com.
There are several techniques used by the cyber criminals, according to Malwarebytes.
"They encourage you to download a tool on your device to do the conversion. This is the actual malware. You might be recommended to install a browser extension that you can use going forward. These extensions are often browser hijackers and adware," it said.
"In the most sophisticated scenario, the so-called converted file contains malware code that downloads and install an information stealer and everyone who opens it will get their device infected."
A suspect file converter tool is believed to have been behind the hack of major US local newspaper publisher Lee Enterprises last month, claimed by the Qilin ransomware operation.
The attack affected a number of the company's business operations, including product distribution, billing, collections, and vendor payments.
Lee Enterprises said it wasn't clear whether any sensitive data or personally identifiable information was compromised during the breach.
MORE FROM ITPRO
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malwareNews Researchers say the tool is already achieving the “gold standard” in malware classification
-
AWS CEO Matt Garman just said what everyone is thinking about AI replacing software developersNews Junior developers aren’t going anywhere, according to AWS CEO Matt Garman
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malware
News Researchers say the tool is already achieving the “gold standard” in malware classification
-
Malicious URLs overtake email attachments as the biggest malware threatNews With malware threats surging, research from Proofpoint highlights the increasing use of off-the-shelf 'phish kits' like CoGUI and Darcula
-
Warning issued as new Pakistan-based malware group hits millions globallyNews Tempting people in with offers of pirated software, the network installs commodity infostealers, according to CloudSEK
-
OpenAI is clamping down on ChatGPT accounts used to spread malwareNews Tools like ChatGPT are being used by threat actors to automate and amplify campaigns
-
It's been a bad week for ransomware operatorsNews A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Hackers are using Zoom’s remote control feature to infect devices with malwareNews Security experts have issued an alert over a new social engineering campaign using Zoom’s remote control features to take over victim devices.
-
Hackers are duping developers with malware-laden coding challengesNews A North Korean state-sponsored group has been targeting crypto developers through fake coding challenges given as part of the recruitment process.
-
‘Phishing kits are a force multiplier': Cheap cyber crime kits can be bought on the dark web for less than $25 – and experts warn it’s lowering the barrier of entry for amateur hackersNews Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
