Pierluigi Paganini
March 24, 2025
The FBI warns that threat actors use malicious online document converters to steal users’ sensitive information and infect their systems with malware.
“The FBI Denver Field Office is warning that agents are increasingly seeing a scam involving free online document converter tools, and we want to encourage victims to report instances of this scam.” reads the alert. “In this scenario, criminals use free online document converter tools to load malware onto victims’ computers, leading to incidents such as ransomware.”
Fake file converters and download tools may perform advertised tasks but can provide resulting files containing hidden malware, giving criminals access to victims’ devices. They can also steal personal data, banking details, cryptocurrency info, emails, and passwords by scraping the files the users upload.
“To conduct this scheme, cyber criminals across the globe are using any type of free document converter or downloader tool. This might be a website claiming to convert one type of file to another, such as a .doc file to a .pdf file. It might also claim to combine files, such as joining multiple .jpg files into one .pdf file.” continues the alert. “The suspect program might claim to be an MP3 or MP4 downloading tool.”
Victims often realize too late that malware has infected their devices, leading to ransomware or identity theft. The FBI urges reporting to IC3.gov.
The FBI Denver Field Office advises staying cautious online, being aware of potential risks, and keeping antivirus software updated to scan files before opening them. If users fall victim to this scam, immediately contact their financial institutions, secure their accounts, and change all passwords using a trusted device. Reporting the incident to IC3.gov and running a virus scan or seeking professional malware removal is also recommended.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, free online document converters)
