Malware peddlers are increasingly targeting users who are searching for free file converter services and tools, as highlighted by the FBI’s Denver Field Office earlier this month. Cyber criminals are employing a variety of free document converters and downloader tools to execute their schemes. These deceptive websites often promise to convert files from one format to another, such as transforming a .doc file into a .pdf, or combining multiple .jpg files into a single .pdf. Some may even masquerade as MP3 or MP4 downloading tools.
The FBI cautions that while these converters and downloading tools may fulfill their advertised functions, the files produced can harbor hidden malware, granting criminals unauthorized access to the victim’s computer. Additionally, certain tools can analyze submitted files, extracting personal identifying information (PII), banking details, cryptocurrency-related information (including crypto wallet seed phrases), passwords, and other sensitive data.
How to avoid this threat?
While the FBI has not provided specific guidance on identifying potentially malicious sites, it recommends that users keep their antivirus software up to date and scan any downloaded files before opening them. Pieter Arntz, a researcher at Malwarebytes, emphasizes that the FBI’s warnings extend beyond infostealers and malware leading to ransomware attacks. These tools can also install browser hijackers, adware, and potentially unwanted programs.
Arntz has compiled a list of domains that host sites claiming to offer file conversion services but are actually engaged in phishing, delivering trojans, adware, and what is termed “riskware.” This category includes programs that may not be overtly malicious but still pose risks to users, such as providing backdoors for other malware or violating terms of service agreements. The following domains have been flagged:
- Imageconvertors[.]com (Phishing)
- Convertitoremp3[.]it (Riskware)
- Convertisseurs-pdf[.]com (Riskware)
- Convertscloud[.]com (Phishing)
- Convertix-api[.]xyz (Trojan)
- Convertallfiles[.]com (Adware)
- Freejpgtopdfconverter[.]com (Riskware)
- Primeconvertapp[.]com (Riskware)
- 9convert[.]com (Riskware)
- Convertpro[.]org (Riskware)
Although some of these sites may have been abandoned and relocated to new domains, others remain operational and should be avoided. Users who find themselves affected by malware from these sites are urged to reach out to their financial institutions for assistance in safeguarding their accounts and to change all passwords using a secure, trusted device.
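To see whether any machine on a network has already contacted the flagged domains, the list can be matched against DNS query logs. The following Python script is an added example, not part of the original article or of Malwarebytes' tooling; the log format (timestamp, client IP, query name, query type), the function names, and the sample lines are assumptions constructed for illustration.

```python
# Domains and categories exactly as flagged in the list above (defanged form).
FLAGGED = {
    "imageconvertors[.]com": "Phishing",
    "convertitoremp3[.]it": "Riskware",
    "convertisseurs-pdf[.]com": "Riskware",
    "convertscloud[.]com": "Phishing",
    "convertix-api[.]xyz": "Trojan",
    "convertallfiles[.]com": "Adware",
    "freejpgtopdfconverter[.]com": "Riskware",
    "primeconvertapp[.]com": "Riskware",
    "9convert[.]com": "Riskware",
    "convertpro[.]org": "Riskware",
}
# Refang once so lookups use real hostnames.
BLOCKLIST = {d.replace("[.]", ".").lower(): c for d, c in FLAGGED.items()}

def match_flagged(hostname):
    """Return (domain, category) if hostname is a flagged domain or a
    subdomain of one. Matching is done on whole DNS labels, so
    'notconvertpro.org' does not match 'convertpro.org'."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate, BLOCKLIST[candidate]
    return None

# Constructed sample DNS query log (hypothetical format and values).
SAMPLE_LOG = """\
2025-01-01T09:14:02Z 10.0.4.17 www.convertscloud.com. A
2025-01-01T09:14:05Z 10.0.4.17 example.org. A
2025-01-01T09:15:41Z 10.0.7.33 API.Convertix-api.xyz. AAAA
2025-01-01T09:16:10Z 10.0.7.90 notconvertpro.org. A
2025-01-01T09:17:55Z 10.0.2.8 9convert.com. A
"""

def scan(log_text):
    """Return (timestamp, client, flagged_domain, category) for each hit."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the scan
        ts, client, qname, _qtype = parts
        found = match_flagged(qname)
        if found:
            hits.append((ts, client, found[0], found[1]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Because some of these sites may have moved to new domains, a clean result only shows that the listed names were not queried, not that no converter-related malware is present.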
Mark Michalek, the FBI Denver Special Agent in Charge, advises, “If you or someone you know has been affected by this scheme, we encourage you to make a report and take actions to protect your assets. Every day, we are working to hold these scammers accountable and provide victims with the resources they need.”