Back to Back Issues Page
Free online file converters that actually install malware
April 03, 2025
Hello

Free online file converters that actually install malware

Watch For Scams is dedicated to helping you avoid becoming a victim of fraud.

If you like this ezine, do a friend a big favor and forward this to them. If a friend forwarded this to you, and if you like what you read, please subscribe by visiting the link below:

Subscribe Here

Free online file converters that actually install malware

The FBI has warned of an increasing number of scammy websites offering free online file converter services.

Instead of converting files, the tools actually load malware onto victims’ computers. The FBI warned specifically about that malware leading to ransomware attacks, but we’ve also seen similar sites that install browser hijackers, adware, and potentially unwanted programs (PUPs).

The cybercriminals offer any kind of popular file conversion to attract victims, with the most common ones converting .doc to .pdf files and vice versa. There are also sites that offer to combine multiple images into one .pdf file.

And it’s not as if these file converters don’t work. Usually, they will, and the victim will think nothing more of it. They might even recommend it to a friend or co-worker.

But in the background, their system has hidden malware in the file the victim has downloaded, which is capable of gathering information from the affected device such as:

1. Personal identifying information (PII) including Social Security Numbers (SSN)

2. Financial information, like your banking credentials and crypto wallets

3. Other passwords and session tokens that could allow the scammers to bypass multi-factor authentication (MFA)

4. Email addresses

There are a few possible scenarios the cybercriminals might pursue:

1. They encourage you to download a tool on your device to do the conversion. This is the actual malware

2. You might be recommended to install a browser extension that you can use going forward. These extensions are often browser hijackers and adware

3. In the most sophisticated scenario, the so-called converted file contains malware code that downloads and install an information stealer and everyone who opens it will get their device infected

By using one of these online converters you could be at risk of getting infected with ransomware or enable criminals to steal your data or identity in full.

If you have fallen victim, or suspect you may have, you should:

1. Contact your financial institutions immediately. Work with them to take the necessary steps to protect your identity and your accounts

2. Change all your passwords and do this using a clean, trusted device

3. Report it to the Internet Crime Complaint Center

Below are some recent examples of domains involved in this type of scam and the reason to block them.

Imageconvertors[.]com (phishing)

convertitoremp3[.]it (Riskware)

convertisseurs-pdf[.]com (Riskware)

convertscloud[.]com (Phishing)

convertix-api[.]xyz (Trojan)

convertallfiles[.]com (Adware)

freejpgtopdfconverter[.]com (Riskware)

primeconvertapp[.]com (Riskware)

9convert[.]com (Riskware)

Convertpro[.]org (Riskware)

If you believe you have been a victim of this type of scam you should promptly report it to the IC3's website at www.IC3.gov. The IC3's complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration.

Remember - always watch for scams!

Steve

Back to Back Issues Page