FBI: Free file converter sites and tools deliver malware
Malware peddlers are increasingly targeting users who are searching for free file converter services (websites) and tools, the FBI’s Denver Field Office has warned earlier this month.
“To conduct this scheme, cyber criminals across the globe are using any type of free document converter or downloader tool. This might be a website claiming to convert one type of file to another, such as a .doc file to a .pdf file. It might also claim to combine files, such as joining multiple .jpg files into one .pdf file. The suspect program might claim to be an MP3 or MP4 downloading tool,” the FBI said.
“These converters and downloading tools will do the task advertised, but the resulting file can contain hidden malware giving criminals access to the victim’s computer.”
Also, some of these tools and services can analyze the files submitted by the users, and scrape them for personal identifying information (PII), banking and crypto-related info (e.g., crypto wallet seed phrases), passwords, and other sensitive information.
How to avoid this threat?
The FBI hasn’t explained how users could spot potentially malicious sites, but has advised users to regularly updated their antivirus software and scan any file they receive or download before opening it.
Malwarebytes researcher Pieter Arntz says that while the FBI warns about these tools downloading infostealers and malware that could lead to ransomware attacks, they have also been known to install browser hijackers, adware, and potentially unwanted programs.
He also provided a list of domains hosting sites that ostensibly provide file conversion services or tools, but actually engage in phishing and delivering trojans, adware and “riskware” – a category that encompasses programs that are not strictly malicious, but pose some sort of risk for the user (e.g., programs that can be used as a backdoor for other malware, may be illegal, or may violate the terms of service of other software or a user platform):
- Imageconvertors[.]com (Phishing)
- Convertitoremp3[.]it (Riskware)
- Convertisseurs-pdf[.]com (Riskware)
- Convertscloud[.]com (Phishing)
- Convertix-api[.]xyz (Trojan)
- Convertallfiles[.]com (Adware)
- Freejpgtopdfconverter[.]com (Riskware)
- Primeconvertapp[.]com (Riskware)
- 9convert[.]com (Riskware)
- Convertpro[.]org (Riskware)
Some of these sites have since been abandoned and probably moved to another domain, but some are still working and should be avoided.
Users who have been saddled with malware through one of these sites are advised to contact their financial institutions so they can help them protect their accounts, and to change all their passwords using a clean, trusted device.
“If you or someone you know has been affected by this scheme, we encourage you to make a report and take actions to protect your assets. Every day, we are working to hold these scammers accountable and provide victims with the resources they need,” Mark Michalek, FBI Denver Special Agent in Charge, advised.