The Federal Bureau of Investigation’s Denver Field Office has issued an urgent alert regarding a sophisticated cybersecurity threat that has been increasingly targeting individuals and organizations across the United States.
Threat actors are now deploying malicious software disguised as free online file converter tools to distribute ransomware and other malware.
Deceptive Conversion Services Mask Malicious Code
FBI Denver Special Agent in Charge Mark Michalek emphasized the growing prevalence of this threat: “The best way to thwart these fraudsters is to educate people so they don’t fall victim to these fraudsters in the first place,” noting that the scheme has become “rampant” across the country.
These malicious services typically operate by offering seemingly legitimate file conversion capabilities – such as converting .doc files to .pdf format, combining multiple .jpg images into a single document, or downloading MP3 and MP4 media files.
While the tools successfully perform the advertised conversions, they simultaneously install hidden malware that grants cybercriminals unauthorized access to victims’ systems.
Assistant Special Agent Marvin Massey confirmed that incidents have been reported within the Denver metro area as recently as two weeks ago, indicating the active nature of this threat campaign.
Security researchers have identified several malicious domains involved in these operations, including “imageconvertors[.]com” (phishing), “convertitoremp3[.]it” (riskware), and “convertscloud[.]com” (phishing).
In a particularly concerning case uncovered by Cyble Research and Intelligence Labs, the phishing site “convertigoto[.]net” was found impersonating the legitimate Convertio service.
When users downloaded their “converted” files, they actually received a zip archive containing a malicious shortcut file (“YourConvertedFile.lnk”).
This attack ultimately delivers RedLine Stealer malware, which can extract sensitive information from web browsers, cryptocurrency wallets, and applications like FileZilla, Discord, Steam, and Telegram.
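The delivery pattern described above, a "converted" file that arrives as a zip archive holding a shortcut, can be checked before anything is opened. The following Python sketch is an added example, not code from the FBI or Cyble; the function names, the extension list and the sample bytes are assumptions made for illustration.

```python
import io
import posixpath
import zipfile

# Shell Link (.lnk) files begin with HeaderSize 0x4C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 (MS-SHLLINK format).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# Assumed list: types a document or media converter has no reason to return.
RISKY_EXTS = {".lnk", ".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".msi"}


def inspect_download(data: bytes, expected_ext: str) -> list[str]:
    """Return findings for a 'converted' download; an empty list means nothing flagged."""
    if data.startswith(LNK_MAGIC):
        return ["download is itself a Windows shortcut (LNK header)"]
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []  # not an archive; leave it to the normal antivirus scan
    findings = []
    if expected_ext.lower() != ".zip":
        findings.append(f"expected {expected_ext} but received a zip archive")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name, ext = info.filename, posixpath.splitext(info.filename)[1].lower()
            if ext in RISKY_EXTS:
                findings.append(f"{name}: risky extension {ext}")
            if info.flag_bits & 0x1:
                findings.append(f"{name}: encrypted entry, content not inspected")
                continue
            # Read only the header bytes so a renamed shortcut is still caught.
            with zf.open(info) as fh:
                if ext != ".lnk" and fh.read(len(LNK_MAGIC)) == LNK_MAGIC:
                    findings.append(f"{name}: LNK header behind a {ext or 'missing'} extension")
    return findings


def build_sample_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from constructed sample entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: LNK header bytes plus padding, not a working shortcut.
    sample = build_sample_zip({"YourConvertedFile.lnk": LNK_MAGIC + b"\x00" * 56})
    print(inspect_download(sample, ".pdf"))
```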
Extensive Data Theft Capabilities
The malware deployed through these fake converters can harvest:
- Personal identifying information, including Social Security numbers.
- Banking credentials and financial information.
- Cryptocurrency wallet addresses and seed phrases.
- Email addresses and passwords.
- Browser data, including cookies and autofill information.
The FBI advises users to:
- Download software only from trusted websites affiliated with reputable companies.
- Keep antivirus software updated and scan all files before opening.
- Use built-in conversion tools in existing applications when possible.
- Report incidents to the FBI’s Internet Crime Complaint Center at www.ic3.gov.
If infected, victims should immediately contact their financial institutions, change all passwords using an uninfected device, and consider professional malware removal services.
As this scheme continues to evolve globally, maintaining vigilance around free online tools remains essential for protecting personal and organizational digital assets.