CGI Weekly

March 19, 2025

FBI Warns Against Free Online File Converters Spreading Malware

The FBI has issued an alert regarding the rising abuse of free online file converter websites by cybercriminals to deliver malware. These seemingly legitimate tools are being used to infect users’ devices with spyware, adware, trojans, and other malicious software. Once installed, these payloads can lead to data theft, system compromise, and financial loss.

Threat Details

  • Threat Actor: Cybercriminal groups exploiting popular file conversion platforms.
  • Attack Vector: Downloaded files from malicious file converter sites.
  • Payloads:
  • Adware
  • Spyware
  • Remote Access Trojans (RATs)
  • Target Victims: General users, small businesses, remote workers.
  • Impact:
  • Credential theft
  • Data exfiltration (personal and financial data)
  • System compromise and unauthorized remote access
  • Reduced device performance due to adware
  • Emerging Trend: Hackers constantly cycle through new domains, so today's malicious sites may resurface under different names.

Malicious File Converter Sites to Avoid

These domains are currently associated with phishing, malware, adware, and riskware campaigns:

Domains
imageconvertors[.]com
convertitoremp3[.]it
convertisseurs-pdf[.]com
convertscloud[.]com
convertix-api[.]xyz

convertallfiles[.]com
freejpgtopdfconverter[.]com
primeconvertapp[.]com
9convert[.]com
convertpro[.]org

Note: These sites may migrate to new domains over time. Always exercise caution when using online file converters, especially those offering free services.

Recommendations

  • Avoid using free online file converters unless verified as secure.
  • Deploy advanced endpoint protection and antivirus software.
  • Block known malicious domains and IP addresses via network security controls.
  • Educate employees and end users about the risks of free file converters.
  • Monitor for suspicious activity following any file downloads.

Indicators of Compromise (IOCs)

Type of Indicator
URL
hxxp://freefileconvert[.]xyz
hxxp://pdfconverterfree[.]online
IP Address
185.234.219[.]87
91.215.85[.]22
File Hash
e2c865db4162bed963bfaa9ef6ac18f0b83b068d   (SHA-1)
 9d5e3d8b51b89eae89a4e6fa2c32d5fba0fcd5e5   (SHA-1)
File Name
Document_Converter_Setup.exe
Free_PDF_to_Word_Tool.exe

 Cyber Guardian Intelligence - Intel Driven Defense, Always One Step Ahead.

Initial Access Brokers (IAB)s are becoming more valuable to malicious actors

April 21, 2025
Initial Access Brokers (IABs) are becoming more important for ransomware operators and other malicious actors.

Phishing Platform 'Lucid' causing havoc on iOS and Android messages

March 31, 2025
Lucid PhaaS carries out Large-Scale iOS and Android Phishing Campaigns

Medusa Ransomware

March 12, 2025
Medusa Ransomware has impacted over 300 organizations in critical infrastructure sectors in the United States

Ghost Ransomware continues to attack all industries

March 12, 2025
Ghost Ransomware continues to attack all industries

API Keys and passwords found in AI Training Dataset

March 5, 2025
Large amount of API keys and passwords found in AI Training Dataset

Large breached data set - 284 million credentials

February 26, 2025
Have I Been Pwned adds 284M accounts stolen by infostealer malware

Massive Botnet Targets Microsoft 365

February 26, 2025
Massive Botnet Targets Microsoft 365