
Online PDF converters are widely used tools for transforming files between formats, and platforms of this type have become part of everyday life, both personal and professional. But their popularity has also attracted the attention of cybercriminals, who have found in them an effective way to distribute malware.

As reported by CloudSEK, researchers have discovered a malicious campaign in which the attackers clone legitimate websites such as pdfcandy.com, copying their logo and design to deceive users. Once someone visits one of these fake sites and tries to convert a file, a fake loading screen and captcha are presented.

The user does not realize that the information is stolen

Instead of simply confirming that the visitor is a person, that step activates a hidden command that downloads a malicious file. The file contains a type of malware called Arechclient2, which belongs to a family known as SectopRAT; once inside the system, it disguises itself using normal Windows processes.

It then starts collecting data such as passwords saved in browsers and cryptocurrency wallet information, among other things. Everything happens without the user noticing, and the stolen information is sent to the criminals. The FBI has already warned that these tactics are on the rise, and that online file conversion sites are increasingly being used to spread viruses.

Malware process in fake PDF converters
CloudSEK

The cybersecurity company offers a series of tips and precautions for using these services and avoiding these attacks:

  • Do not open converters from random links or dubious search results. It is better to type the site address directly into the browser or to use recognized services.
  • Check the website address carefully. Sometimes a small spelling error may indicate that the site is fake.
  • Never run commands or download files that the site suggests after you upload a document.
  • Keep your antivirus active and up to date, and scan files before opening them.
  • If you notice something suspicious, close the page immediately.
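
The address check in the second tip can be partly automated, for example in a proxy or mail filter. The Python below is an added example, not code from CloudSEK or from this article: it flags hostnames that are near-misses of a trusted converter domain. The `TRUSTED` list, the `MAX_DIST` threshold and the sample URLs in the comments are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list: pdfcandy.com is the site named in the article.
TRUSTED = {"pdfcandy.com"}
MAX_DIST = 2  # assumed threshold: edits tolerated before a label stops looking like the brand


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "cnady" typed for "candy".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def host_of(url):
    """Return the lowercase hostname without a leading 'www.'."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare address as a network location
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(url):
    """Return 'trusted', 'lookalike' or 'unknown' for a URL."""
    host = host_of(url)
    if not host:
        return "unknown"
    if any(host == s or host.endswith("." + s) for s in TRUSTED):
        return "trusted"
    for site in TRUSTED:
        brand = site.split(".")[0]
        for label in host.split("."):
            # Brand embedded in another domain, or a near-miss spelling of it.
            if brand in label or osa_distance(label, brand) <= MAX_DIST:
                return "lookalike"
    return "unknown"


# Constructed samples:
#   classify("https://pdfcandy.com/pdf-to-word.html")      -> "trusted"
#   classify("pdfcnady.com/convert")                        -> "lookalike"
#   classify("https://pdfcandy.com.files.example/upload")   -> "lookalike"
```

An "unknown" result only means the hostname does not resemble an entry in the allow-list; it says nothing about whether the site is safe.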
