The FBI Denver Field Office has issued a warning about a rising number of fraudulent websites offering free online file conversion services. These scams are being used to infect users’ devices with malware, enabling hackers to remotely access sensitive information, such as email addresses, passwords, Social Security numbers, cryptocurrency wallet details, and other personal data.
Marvin Massey, Assistant Special Agent at the FBI’s Denver Field Office, described the issue as “rampant” across the United States, with a reported case in the Denver Metro area within the past two weeks. Many victims remain unaware their computers have been compromised until it’s too late, by which point their identities may already have been stolen or their devices locked with ransomware.
The warning appears to target both online file conversion websites and downloadable apps used to convert files between formats. Such malicious tools are capable of extracting a range of information, including:
- Personal identifying details, such as Social Security Numbers (SSN)
- Banking credentials and cryptocurrency wallet information
- Passwords and session tokens, which could bypass multi-factor authentication (MFA)
- Email addresses
The FBI is also asking victims to reach out if they suspect they’ve encountered malicious file converter tools. This effort aims to shut down fraudulent websites and identify the perpetrators behind these schemes. Moreover, cybersecurity tools like Malwarebytes have flagged numerous domains associated with such scams and provided reasons for blocking them.
List of malicious domains
- Imageconvertors[.]com – Phishing
- convertitoremp3[.]it – Riskware
- convertisseurs-pdf[.]com – Riskware
- convertscloud[.]com – Phishing
- convertix-api[.]xyz – Trojan
- convertallfiles[.]com – Adware
- freejpgtopdfconverter[.]com – Riskware
- primeconvertapp[.]com – Riskware
- 9convert[.]com – Riskware
- Convertpro[.]org – Riskware
