Daily News Update: Monday, March 24, 2025 (Australia/Melbourne)
Fake File Converters Distributing Malware
The FBI has warned about the increasing use of fraudulent online document converters to deploy malware and steal user data. These malicious sites often mimic legitimate URLs and are promoted through search engine results, including paid advertisements. The FBI Denver field office has received reports through IC3.gov regarding these scams, including one from a public sector entity in metro Denver.
"In this scenario, criminals use free online document converter tools to load malware onto victims' computers, leading to incidents such as ransomware."
Cybersecurity researcher Will Thomas shared examples of such sites, including docu-flex[.]com and pdfixers[.]com, which distributed malware-laden Windows executables. Another researcher tracking the Gootloader malware reported a Google advertising campaign promoting fake file converter sites that delivered the Gootloader malware instead of the converted file.
Gootloader is known for downloading additional malware, such as banking trojans and Cobalt Strike beacons, facilitating network breaches and deployment of REvil and BlackSuit ransomware.
The FBI advises users to be cautious when using online file converters, to research them thoroughly, and to analyse any downloaded files for malicious content, particularly executables or JavaScript files.
Bleeping Computer | "FBI warnings are true—fake file converters do push malware"
