In recent weeks, the FBI has raised alarms about the growing threat of malware being spread through fraudulent online file conversion services. These services, which are commonly used to convert documents between formats like PDF and Word, have become a prime target for cybercriminals seeking to exploit unsuspecting users.
A new report from renowned cybersecurity firm CloudSEK sheds light on a particularly sophisticated attack targeting users of PDF-to-DOCX converters.
According to CloudSEK, cybercriminals have been impersonating the legitimate online conversion service pdfcandy.com, creating fake websites with nearly identical user interfaces, including logos and similar-looking domain names such as candyxpdf.com and candyconverterpdf.com.
The fraudulent websites trick users into uploading a PDF file for conversion, after which an animated loading sequence is displayed to foster trust. In a further effort to gain legitimacy, users are prompted to complete a CAPTCHA verification process.
However, this seemingly benign step is actually part of a carefully orchestrated malware delivery mechanism. Once users complete the CAPTCHA, they are instructed to run a PowerShell command, which triggers the download of a file named “adobe.zip”. Inside this file is the ArechClient malware, a notorious information-stealing Trojan from the SectopRAT family, which has been active since 2019.
Once installed, the ArechClient malware begins harvesting sensitive personal information, including browser passwords and cryptocurrency wallet details, leaving users vulnerable to further attacks such as identity theft and financial fraud.
CloudSEK’s report indicates that over 6,000 users visited these malicious websites last month alone, highlighting the widespread impact of this ongoing campaign.
While several of the fake websites have already been taken down, cybersecurity experts warn that the threat is far from over. Users are advised to be extra cautious when searching for free online file converters. To stay safe, always verify that you are on the official website of the conversion service and avoid downloading or executing any suspicious files.
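The lookalike domains named above rearrange the words in pdfcandy.com rather than misspelling it, so an edit-distance comparison against the real name can miss them. As an added example (not taken from CloudSEK's report), the Python check below flags hostnames in web-proxy log lines that reuse the brand's words without being the official domain; the log format, timestamps, client addresses and the example.net and example.org hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL = "pdfcandy.com"        # legitimate service named in the article
BRAND_TOKENS = ("pdf", "candy")  # words the lookalike domains rearrange

# Constructed proxy log lines: timestamp, client IP, requested URL.
SAMPLE_LOG = """\
2025-01-01T09:00:00Z 10.0.0.11 https://pdfcandy.com/pdf-to-word.html
2025-01-01T09:01:00Z 10.0.0.12 https://candyxpdf.com/
2025-01-01T09:02:00Z 10.0.0.13 http://candyconverterpdf.com/convert
2025-01-01T09:03:00Z 10.0.0.14 https://pdfcandy.com.files.example.net/upload
2025-01-01T09:04:00Z 10.0.0.15 https://example.org/report.pdf
"""

def hostname(url_or_host):
    """Return the lowercase hostname from a URL or a bare host string."""
    s = url_or_host.strip().lower()
    if "://" not in s:
        s = "//" + s  # lets urlsplit parse a bare host (with optional port)
    return (urlsplit(s).hostname or "").rstrip(".")

def classify(url_or_host):
    """Return 'official', 'lookalike' or 'unrelated' for one URL or host."""
    host = hostname(url_or_host)
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Drop separators so 'pdf-candy' or 'pdfcandy.com.<other domain>' still match.
    squashed = host.replace("-", "").replace(".", "")
    if all(token in squashed for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"

def flag_lookalikes(log_text):
    """Return (client, host) pairs for requests to brand lookalike hosts."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed or empty lines
        client, url = fields[1], fields[2]
        if classify(url) == "lookalike":
            hits.append((client, hostname(url)))
    return hits

if __name__ == "__main__":
    for client, host in flag_lookalikes(SAMPLE_LOG):
        print(f"{client} requested lookalike host {host}")
```

A hit only means the hostname borrows the brand's words; treat it as a triage lead to confirm before blocking.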
In the event that you suspect your device has been compromised, experts recommend isolating the affected system immediately and resetting all passwords. For those handling sensitive files, using trusted offline conversion tools is a safer alternative.
As cybercriminals continue to evolve their tactics, vigilance remains key in protecting personal information from these deceptive and dangerous schemes.