Hackers are using fake PDF conversion tools to spread info-stealing malware: Here’s how

Online PDF converters are used by millions of people to quickly convert their documents from one file format to another, but these free services also have a dark side. Last month, the FBI issued a warning that bad actors are using online file conversion services to spread malware.
Following this, the security firm CloudSEK uncovered a sophisticated attack that involves a fake PDF-to-DOCX converter impersonating the popular online file conversion service pdfcandy.com.
How does the attack work?
According to the security firm, the threat actors not only replicated user interface elements like the logo, but also used similar-looking domains such as candyxpdf.com and candyconverterpdf.com to make the sites look less suspicious.
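A defender can hunt for such domains in web proxy logs. The sketch below is an added example, not code from CloudSEK or from this article: the two fake domains rearrange the brand words rather than misspell them, so an edit-distance check misses them while a brand-token check on the registrable domain catches them. The log format, client addresses, and token list are assumptions made for illustration.

```python
from urllib.parse import urlsplit

LEGIT_DOMAIN = "pdfcandy.com"      # impersonated service named in the article
BRAND_TOKENS = ("pdf", "candy")    # assumption: tokens taken from the brand name

# Constructed proxy log lines (timestamp, client IP, URL); not real telemetry.
SAMPLE_LOG = """\
2025-04-14T09:12:03Z 10.0.0.21 https://pdfcandy.com/
2025-04-14T09:13:40Z 10.0.0.37 https://candyxpdf.com/
2025-04-14T09:15:11Z 10.0.0.37 https://www.candyconverterpdf.com/
2025-04-14T09:16:02Z 10.0.0.45 https://www.example.org/candy-pdf
"""

def registrable(host):
    # Simplification: last two labels; ignores suffixes such as .co.uk.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    # Classic Levenshtein distance, shown to illustrate why it misses reordered words.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(host):
    # Flag hosts whose registrable label contains every brand token
    # but which are not the legitimate domain itself.
    domain = registrable(host)
    if domain == LEGIT_DOMAIN:
        return False
    label = domain.split(".")[0]
    return all(tok in label for tok in BRAND_TOKENS)

def scan(log_text):
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        host = urlsplit(fields[2]).hostname or ""
        if is_lookalike(host):
            hits.append((fields[1], registrable(host)))
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Clients returned by `scan` are the ones to check for the follow-on steps the report describes.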
These fake websites prompt users to upload a PDF file to convert it into a Word document, after which they display an animated loading sequence to gain the user's trust. Users are also shown a captcha verification dialogue, which further enhances the apparent legitimacy of the website.
Here’s how these fake PDF converting websites infect your system with info-stealing malware. (Image Source: CloudSEK)
When users complete the captcha, they are then prompted by the fake website to run a PowerShell command on their system to start the malware delivery process. Once users run the command, a file named ‘adobe.zip’ is downloaded to their system that contains the ArechClient malware belonging to the SectopRAT family of information stealers.
This particular trojan has been active since 2019 and is designed to steal personal information like browser passwords, cryptowallet information and more. While some of these sites have already been taken down, the report suggests that the websites had more than 6,000 visits last month, which means the exploit has been actively used by cybercriminals to steal data.
How to stay safe from fake online file converters?
The next time you search for ‘free online file converter’ and upload any file, make sure that you are on the original website and not a rip-off. In case you happen to be unaware and are affected by the malware, be sure to quickly isolate affected devices and reset your password. Alternatively, you can also resort to offline tools to convert sensitive files whenever possible.
© IE Online Media Services Pvt Ltd