The FBI Denver Field Office has warned of an increasing number of scammy websites offering free online file converter services.
Instead of converting files, the tools actually load malware onto victims’ computers. The FBI warned specifically about that malware leading to ransomware attacks, but we’ve also seen similar sites that install browser hijackers, adware, and potentially unwanted programs (PUPs).
The cybercriminals offer any kind of popular file conversion to attract victims, with the most common ones converting .doc to .pdf files and vice versa. There are also sites that offer to combine multiple images into one .pdf file.
And it’s not as if these file converters don’t work. Usually, they will, and the victim will think nothing more of it. They might even recommend it to a friend or co-worker.
But in the background, their system has hidden malware in the file the victim has downloaded, which is capable of gathering information from the affected device such as:
- Personal identifying information (PII) including Social Security Numbers (SSN).
- Financial information, like your banking credentials and crypto wallets.
- Other passwords and session tokens that could allow the scammers to bypass multi-factor authentication (MFA).
- Email addresses.
There are a few possible scenarios the cybercriminals might pursue:
- They encourage you to download a tool on your device to do the conversion. This is the actual malware.
- You might be recommended to install a browser extension that you can use going forward. These extensions are often browser hijackers and adware.
- In the most sophisticated scenario, the so-called converted file contains malware code that downloads and install an information stealer and everyone who opens it will get their device infected.
By using one of these online converters you could be at risk of getting infected with ransomware or enable criminals to steal your data or identity in full.
Education is key
FBI Denver Special Agent in Charge Mark Michalek stated:
“The best way to thwart these fraudsters is to educate people so they don’t fall victim to these fraudsters in the first place.”
Obviously it also helps to have active anti-malware protection on your device and a browser extension that blocks malicious sites.
If you have fallen victim, or suspect you may have, you should:
- Contact your financial institutions immediately. Work with them to take the necessary steps to protect your identity and your accounts.
- Change all your passwords and do this using a clean, trusted device.
- Report it to the Internet Crime Complaint Center.
IOCs
Below are some recent examples of domains involved in this type of scam and the reason why Malwarebytes products block them.
Imageconvertors[.]com (phishing)
convertitoremp3[.]it (Riskware)
convertisseurs-pdf[.]com (Riskware)
convertscloud[.]com (Phishing)
convertix-api[.]xyz (Trojan)
convertallfiles[.]com (Adware)
freejpgtopdfconverter[.]com (Riskware)
primeconvertapp[.]com (Riskware)
9convert[.]com (Riskware)
Convertpro[.]org (Riskware)
We don’t just report on threats – we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.
