Regardless of how tech savvy you may be, chances are you’ve likely turned to a free online file converter for help with quickly changing a file from one type to another. However, you may want to think twice before doing so, as the FBI is now warning that hackers are using these free tools to spread dangerous malware to vulnerable PCs.

Whether you want to change a PDF to a DOC or a WebP image to a JPEG, it’s easy to get stumped on the best way to convert one popular file type to another. Sure, Microsoft Office and other writing tools have this functionality built in, but in the heat of the moment, it’s easy to open up your browser and search for a free file converter online.

In a new post, though, the FBI Denver Field Office explains that cybercriminals have seized this opportunity to create malicious sites that instead of converting one file type to another actually install malware on your computer.

YOU MAY LIKE

• Hackers have created hundreds of fake Reddit sites to spread info-stealing malware
• Hackers are posing as Apple and Google to infect Macs with malware — don’t fall for these fake browser updates

Here’s everything you need to know about this new online scam, including some tips and tricks to help you stay safe from hackers and the malware they use in their attacks.

From converting files to malware infection

From converting one file type to another to combining multiple images into a single PDF file, cybercriminals are now using all of these different kinds of online tools as a lure in their attacks. It’s also easy to get people to click on them too by using malicious ads which show up at the top of search results.

While many of these tools do exactly what they say they do, the FBI points out that along with your converted files, you could also be downloading malware to your PC or Mac. This isn’t the only scenario used in this new campaign, though.

Unsuspecting users might be coerced into downloading a tool to their computer to do the conversion which is actually malware, or they could be tricked into installing a malicious browser extension that can hijack their search history and steal their browser data.

Once installed on a victim’s computer, the malware used in this campaign can steal personal information and even Social Security numbers (SSNs), financial data like banking passwords, session tokens that can be used to bypass multi-factor-authentication (MFA) and more.

The biggest problem with this new online file converter scam is that many victims don’t realize their computers have been infected until it’s too late. Such an infection can lead to you being locked out of your computer by ransomware or you could even fall victim to identity theft.

Malicious domains to avoid

In a blog post covering this new threat, the team at MalwareBytes Labs has put together a list of malicious domains used recently in these attacks and the specific threat they pose. These are all sites you want to actively avoid:

• Imageconvertors[.]com – Phishing
• convertitoremp3[.]it – Riskware
• convertisseurs-pdf[.]com – Riskware
• convertscloud[.]com – Phishing
• convertix-api[.]xyz – Trojan
• convertallfiles[.]com – Adware
• freejpgtopdfconverter[.]com – Riskware
• primeconvertapp[.]com – Riskware
• 9convert[.]com – Riskware
• Convertpro[.]org – Riskware

Since hackers have a large number of domains at their disposal, the sites listed above will likely be moved to a new domain soon. Still, it’s worth looking out for these ones in particular as they have previously been used in attacks.

How to stay safe from malware

When it comes to avoiding this new threat, the FBI recommends keeping a level head and stopping to think before you click. I know this can be hard to do when someone sends you a document with the wrong file type and you need to quickly convert it, but the end result can be catastrophic if you end up at the wrong website.

Likewise, instead of searching for free file converters online, you’ll want to stop and see if any of the software you already have installed has this same functionality. As I mentioned before, Microsoft Office can be used to convert files, but so can its open-source alternative OpenOffice. When it comes to PDFs, many of the best PDF editors have this functionality built in and if you do want to go the online route, Adobe Acrobat can convert a wide variety of file types to and from PDFs for free.

As for staying safe from malware downloaded accidentally online, you’ll want to make sure that you’re using the best antivirus software on your PC or the best Mac antivirus software on your Apple computer. Antivirus software scans all of your existing files for malware and can warn you when you’re about to download a file that contains malware.

For additional protection from online scams like this one, it might also be worth signing up for the best identity theft protection as these services can help you recover your identity as well as any funds lost to fraud.

Hackers love to go after low-hanging fruit and online file converters are their latest way to lure unsuspecting users into infecting their own computers with malware. This is why you have to practice good cyber hygiene and educate yourself when it comes to the latest online scams. That way, you can stay safe from avoidable ones like this and teach those around you how to spot a scam before they too fall victim to one.