<https://www.bleepingcomputer.com/news/security/fbi-warnings-are-true-fake-file-converters-do-push-malware/>

FBI warnings are true—fake file converters do push malware
By Lawrence Abrams
March 23, 2025 10:09 AM

The FBI is warning that fake online document converters are being used
to steal peoples’ information and, in worst-case scenarios, to deploy ransomware on victims' devices.

The warning came last week from the FBI Denver field office, after
receiving an increasing number of reports about these types of tools.

"The FBI Denver Field Office is warning that agents are increasingly
seeing a scam involving free online document converter tools, and we
want to encourage victims to report instances of this scam," reads the
warning.

"In this scenario, criminals use free online document converter tools to
load malware onto victims' computers, leading to incidents such as
ransomware."

The FBI says that cybercriminals are creating websites that promote free document converts, download tools, or file merging tools.

"To conduct this scheme, cyber criminals across the globe are using any
type of free document converter or downloader tool. This might be a
website claiming to convert one type of file to another, such as a .doc
file to a .pdf file," continued the FBI

"It might also claim to combine files, such as joining multiple .jpg
files into one .pdf file. The suspect program might claim to be an MP3
or MP4 downloading tool."

While the online tools work as advertised, the FBI says the resulting
file may also contain hidden malware that can be used to gain remote
access to the infected device.

The FBI also says that the uploaded documents can also be scraped for
sensitive information, such as names, social security numbers,
cryptocurrency seeds, passphrases, wallet addresses, email addresses, passwords, and banking information.

The FBI Denver field office told BleepingComputer that people are
reporting these scams to IC3.gov, with one public sector entity
reporting the scam in metro Denver in the last three weeks.

"The scammers try to mimic URLs that are legit – so changing just one
letter, or 'INC' instead of 'CO'," Vikki Migoya, the Public Affairs
Office for FBI Denver, told BleepingComputer.

“Users who in the past would type ‘free online file converter’ into a search engine are vulnerable, as the algorithms used for results now
often include paid results, which might be scams.”

While the FBI told BleepingComputer they could not share any further
technical details as it would let the scammers know what is working,
threat actors have been known to utilize these tools to deploy malware.

Online converters lead to malware
Some have questioned whether these free document converters can lead to
malware and ransomware attacks, and the answer is yes.

Last week, cybersecurity researcher Will Thomas shared some sites that
claimed to be online document converters, such as docu-flex[.]com and pdfixers[.]com.

While these sites are no longer available, they distributed Windows
executables named Pdfixers.exe [VirusTotal] and DocuFlex.exe
[VirusTotal], which are both detected as malware.

A cybersecurity researcher known for tracking the Gootloader infection
also reported in November about a Google advertising campaign that
promoted fake file converter sites. These sites pretended to convert
your files but instead caused you to download the Gootloader malware.

"Visiting this WordPress site (surprise!), I found a form for uploading
a PDF to convert it to a .DOCX file inside a .zip," explained the
researcher.

"But after passing certain checks—being from an English-speaking country
and not having visited in the past 24 hours on the same class C
subnet—users instead receive a .JS file inside the .zip rather than a
genuine .DOCX."

This JavaScript file is Gootloader, a malware loader known for
downloading additional malware, such as banking trojans, infostealers,
malware downloaders, and post-exploitation tools, like Cobalt Strike
beacons.

Using these additional payloads, the threat actors breach corporate
networks and spread laterally to other computers. Attacks like these
have led to full-blown ransomware attacks in the past, such as those by
REvil and BlackSuit.

While not all file converters are malware, it’s essential to research
them before using and check reviews before downloading any programs.

If a site is relatively unknown, it is better to avoid it altogether.

If you use an online file converter or downloader, be sure to analyze
any resulting file from the site, as if they are an executable or
JavaScript, they are most definitely malicious.
--
God be with you,

CrudeSausage
John 14:6

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2025-03-24 2:49 p.m., RonB wrote:

On 2025-03-24, CrudeSausage <crude@sausa.ge> wrote:

<https://www.bleepingcomputer.com/news/security/fbi-warnings-are-true-fake-file-converters-do-push-malware/>

If you use an online file converter or downloader, be sure to analyze
any resulting file from the site, as if they are an executable or
JavaScript, they are most definitely malicious.

With Linux these online sites are unnecessary. Converting files is extremely easy (and fast) using terminal commands.

Absolutely. I should mention that part of why I believe that Ubuntu
24.04's slowness was due to the use of Snap is because I use that above
command to convert my work-related docx files to odt. Under Ubuntu, the
process was very slow, presumably because of the slow processor in the i5-5250u. However, doing the exact same thing under Linux Mint was very
fast, even comparable to doing it on my main laptop. The difference, of
course, is that LibreOffice in Linux Mint is a deb. To say the least,
while Ubuntu revives a machine that Apple abandoned, it is definitely
not a distribution that caters to slower machines.

--
God be with you,

CrudeSausage
John 14:6

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2025-03-24 4:01 p.m., RonB wrote:

On 2025-03-24, CrudeSausage <crude@sausa.ge> wrote:

On 2025-03-24 2:49 p.m., RonB wrote:

On 2025-03-24, CrudeSausage <crude@sausa.ge> wrote:

<https://www.bleepingcomputer.com/news/security/fbi-warnings-are-true-fake-file-converters-do-push-malware/>

If you use an online file converter or downloader, be sure to analyze
any resulting file from the site, as if they are an executable or
JavaScript, they are most definitely malicious.

With Linux these online sites are unnecessary. Converting files is extremely
easy (and fast) using terminal commands.

Absolutely. I should mention that part of why I believe that Ubuntu
24.04's slowness was due to the use of Snap is because I use that above
command to convert my work-related docx files to odt. Under Ubuntu, the
process was very slow, presumably because of the slow processor in the
i5-5250u. However, doing the exact same thing under Linux Mint was very
fast, even comparable to doing it on my main laptop. The difference, of
course, is that LibreOffice in Linux Mint is a deb. To say the least,
while Ubuntu revives a machine that Apple abandoned, it is definitely
not a distribution that caters to slower machines.

That's what I was thinking. It looks Ubuntu is working its way to requiring higer specs than most Linux distributions need — it getting kind of like Windows in that regard (although you can still run Ubuntu on older
machines).

It should be noted that Ubuntu has other editions which probably don't
run as slow, especially if they don't use Snap. I think they do, but I
don't remember.

--
God be with you,

CrudeSausage
John 14:6

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Mon, 24 Mar 2025 15:23:47 -0400, CrudeSausage wrote:

On 2025-03-24 2:49 p.m., RonB wrote:

On 2025-03-24, CrudeSausage <crude@sausa.ge> wrote:

<https://www.bleepingcomputer.com/news/security/fbi-warnings-are-true- fake-file-converters-do-push-malware/>

If you use an online file converter or downloader, be sure to analyze
any resulting file from the site, as if they are an executable or
JavaScript, they are most definitely malicious.

With Linux these online sites are unnecessary. Converting files is
extremely easy (and fast) using terminal commands.

Absolutely. I should mention that part of why I believe that Ubuntu
24.04's slowness was due to the use of Snap is because I use that above command to convert my work-related docx files to odt. Under Ubuntu, the process was very slow, presumably because of the slow processor in the i5-5250u. However, doing the exact same thing under Linux Mint was very
fast, even comparable to doing it on my main laptop. The difference, of course, is that LibreOffice in Linux Mint is a deb. To say the least,
while Ubuntu revives a machine that Apple abandoned, it is definitely
not a distribution that caters to slower machines.

LibreOffice on my Ubuntu box is not a snap nor is it a flatpak on the
Fedora box. I may be suffering from amnesia but I believe it was part of
the default install on both systems. I install it on my work Windows
machines in case I have to read docx stuff but otherwise I have no use
for it. Unlike 'Quigley Down Under' I don't know how to use it either.

https://www.youtube.com/watch?v=5rd_cDImgc4

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

RonB <ronb02NOSPAM@gmail.com> wrote at 18:49 this Monday (GMT):

On 2025-03-24, CrudeSausage <crude@sausa.ge> wrote:

<https://www.bleepingcomputer.com/news/security/fbi-warnings-are-true-fake-file-converters-do-push-malware/>

If you use an online file converter or downloader, be sure to analyze
any resulting file from the site, as if they are an executable or
JavaScript, they are most definitely malicious.

With Linux these online sites are unnecessary. Converting files is extremely easy (and fast) using terminal commands.

Even something like pandoc can be installed on a Windows machine.
--
user <candycane> is generated from /dev/urandom

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)