Threat actors may attempt to distribute malware, including ransomware, by offering free document converters, according to a March 7 report from the FBI’s Denver office. “Agents are increasingly seeing” this type of scam. The scheme has been deployed globally, the FBI warned.
How the document conversion scam works
Threat actors behind the document converter scam disguise malicious software as a legitimate tool for file conversion. The software may claim to convert .doc files to .pdf files, merge multiple .jpg files into a single .pdf file, or download MP3 or MP4 audio files. In most cases, the downloaded software performs the advertised conversion. However, it also grants the attacker access to the victim’s computer.
Once installed, the malware allows threat actors to download additional malicious software or access files submitted for conversion. If these files contain identifying information — such as dates of birth, social security numbers, or phone numbers — the threat actor may exploit them for identity theft. The attacker could scrape the submitted files for banking information, seed phrases and other information associated with cryptocurrency wallets, email addresses, and passwords.
Must-read security coverage
- UK Police Convicts Pair in £5.5 Billion Bitcoin Launder Case
- Blackpoint Cyber vs. Arctic Wolf: Which MDR Solution is Right for You?
- How GitHub Is Securing the Software Supply Chain
- 8 Best Enterprise Password Managers
How to protect yourself from malware
Avoiding a malware-filled download comes down to taking basic cybersecurity precautions. Download software only from trusted websites affiliated with reputable companies. Avoid clicking on sidebar ads, downloading files from anonymous forums, or trusting social media offers that seem too good to be true. Keep antivirus software updated and scan any file before downloading it.
In many cases, online converters are unnecessary. Most word processors offer a built-in “export to pdf” function.
SEE: Rich Communication Services (RCS) standards will eventually allow encrypted messages between iMessage and Google Messages.
What to do if your computer is infected
A ransomware infection may be indicated by a message stating that the computer has been locked or by the presence of suspicious financial transactions. In such cases, the victim should inform their financial institution of any fraudulent transactions. The bank may temporarily freeze the affected accounts. The user should switch to an uninfected device to change the passwords on important accounts and accounts that seem to have been affected.
Internet crimes can be reported to the U.S. government at IC3.gov.
The FBI report recommended taking the affected device to a computer repair center or other professional organization that performs virus and malware removal services.