FBI Warns of Malicious File‑Converter Sites

by Justin Erickson

The FBI’s Denver Field Office has issued a public alert about fraudulent “free” file‑converter websites that bundle information‑stealing malware or ransomware into the files they return to users. The Bureau says criminals copy well‑known services—such as PDF‑to‑DOCX tools—and lure victims through look‑alike domains and paid search ads. Once run, the downloaded files can siphon credentials, banking details, crypto‑wallet data, and more. Follow‑up research from multiple outlets confirms the threat. Analysts observed domains like docu‑flex[.]com and pdfixers[.]com distributing Windows executables that install the SectopRAT (ArechClient) infostealer, while other fake converters deploy ransomware after harvesting data. CloudSEK’s technical teardown shows one of the attack chains: a convincing upload page, fake CAPTCHA, then a prompt that executes a PowerShell script to pull a malicious ZIP archive named ‘adobe.zip’ from a redirect chain. The stealer exfiltrates browser passwords and crypto keys before attempting further payloads. Anyone searching for quick file conversions is a potential target. If you don’t know the trustability of a website, then don’t use it – and consider other options like offline converters.