FBI Alerts Confirm Reality: Fake File Converters Spread Malware

Started by Olatunbosun, 2025-03-24 07:19


The FBI has issued a warning about fraudulent online document converters that are being exploited to steal personal information and, in severe cases, deploy ransomware on the devices of unsuspecting users.

This alert was released last week by the FBI's Denver field office, following a sharp increase in reports related to such deceptive tools. "The FBI Denver Field Office has noted a rise in scams involving free online document converter tools and urges victims to report such incidents," the advisory states. "In these cases, criminals utilize free online document converters to introduce malware to victims' devices, culminating in threats like ransomware."

According to the FBI, cybercriminals are creating websites that advertise free document conversion, downloading, or file merging tools. "To execute this scheme, cybercriminals globally leverage various free document converters or downloaders. These sites may claim to convert files from one format to another, like .doc to .pdf, or combine multiple .jpg files into a single .pdf," the FBI explained. "Some may even present themselves as tools for downloading MP3 or MP4 files."

While the promised functionality of these online tools may be legitimate, the FBI warns that the resulting files can conceal hidden malware capable of providing remote access to infected devices.

Additionally, uploaded documents risk being scraped for sensitive data, including names, Social Security numbers, cryptocurrency keys, passphrases, wallet addresses, email accounts, passwords, and banking details.

The FBI Denver field office reported to BleepingComputer that users are filing complaints about these scams at IC3.gov, with one public organization in the Denver area reporting a scam within the last three weeks. "The scammers often imitate legitimate URLs by altering just a single character or using 'INC' instead of 'CO,'" Vikki Migoya from the FBI Denver Public Affairs Office explained to BleepingComputer. "Individuals who formerly searched for 'free online file converter' may be at risk, as search algorithms now frequently include paid results that could be fraudulent."

While the FBI refrains from disclosing specific technical details to avoid tipping off scammers, it recognizes that threat actors have successfully employed these tools for malware deployment.

**Online Converters as Potential Malware Vectors**

Doubts have been raised about whether free document converters can introduce malware and ransomware, and the answer is yes. Last week, cybersecurity researcher Will Thomas highlighted some websites posing as online document converters, including docu-flex[.]com and pdfixers[.]com.

Although these sites are no longer operational, they distributed Windows executables named Pdfixers.exe and DocuFlex.exe, both flagged as malware.

A cybersecurity expert who monitors the Gootloader infection has previously reported on a Google ad campaign that promoted fake file converter websites. These sites promised to convert files but instead facilitated the download of Gootloader malware. "Upon visiting this WordPress site, I encountered a form to upload a PDF for conversion to a .DOCX file packaged in a .zip," the researcher recounted. "However, after filtering users based on their country and previous visits to the same subnet within 24 hours, they instead received a .JS file in the .zip instead of an authentic .DOCX."

This JavaScript file is Gootloader, a malware loader notorious for delivering additional malicious payloads, including banking trojans, information stealers, and post-exploitation tools like Cobalt Strike beacons. By deploying these payloads, threat actors can compromise corporate networks and distribute malware laterally to other machines. Such attacks have previously resulted in significant ransomware incidents, including those perpetrated by REvil and BlackSuit.

While not every file converter is malicious, it is crucial to conduct thorough research before using them and to check reviews before downloading any associated software. When encountering an unfamiliar site, it's advisable to steer clear entirely.

If you decide to use an online file converter or downloader, ensure that you analyze any resulting files, as executables or JavaScript files are likely to be harmful.

Source: FBI

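The check recommended in the post above (analyze whatever a converter hands back), sketched as an added Python example that is not part of the original post or the FBI advisory: it flags executables and scripts by extension and header bytes and lists archive members without extracting them, which covers the .zip-with-.JS case described. The extension list, function names and sample inputs are assumptions constructed for illustration; password-protected archives are not handled.

```python
import io
import zipfile

# Assumed list: file types a document converter has no reason to hand back.
RISKY_EXT = {".exe", ".scr", ".msi", ".js", ".jse", ".vbs", ".wsf", ".hta",
             ".bat", ".cmd", ".ps1", ".lnk"}
# Leading bytes of the formats a converter is expected to return.
MAGIC = {".pdf": b"%PDF-", ".docx": b"PK\x03\x04", ".zip": b"PK\x03\x04",
         ".jpg": b"\xff\xd8\xff"}


def ext_of(name):
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def check_file(name, head):
    """Findings for one file, judged by its name and first bytes only."""
    findings, ext = [], ext_of(name)
    if head.startswith(b"MZ"):
        findings.append(f"{name}: Windows executable header (MZ)")
    if ext in RISKY_EXT:
        findings.append(f"{name}: executable/script extension {ext}")
    if ext in MAGIC and not head.startswith(MAGIC[ext]):
        findings.append(f"{name}: content does not match {ext} format")
    return findings


def check_download(name, data, expected_ext):
    """Findings for a converter result; archives are listed, never extracted."""
    findings, ext = check_file(name, data[:8]), ext_of(name)
    if ext == ".zip" and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [i for i in zf.infolist() if not i.is_dir()]
            for info in members:
                with zf.open(info) as fh:  # read the header bytes only
                    findings += check_file(info.filename, fh.read(8))
        if not any(ext_of(i.filename) == expected_ext for i in members):
            findings.append(f"{name}: archive has no {expected_ext} file")
    elif ext != expected_ext:
        findings.append(f"{name}: expected {expected_ext}, got {ext or 'no extension'}")
    return findings


def make_zip(members):
    """Build an in-memory archive from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()
```

An empty list means nothing was flagged by these checks, not that the file is safe to open.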