Get into the format: how online converters have become a fraud tool
Fraudsters can use online converters to deceive users, experts have warned about this. The use of virtual services designed to change the file format threatens to infect technology with viruses and identity theft. For more information about how scammers can use online converters, how dangerous such schemes are and how to protect themselves from them, read the Izvestia article.
Why online converters are interesting to scammers
Online converters are popular because they allow you to download almost any file (including confidential ones), followed by the issuance of the same document, but in a different format, says Nikita Novikov, an expert on cybersecurity at Angara Security, in an interview with Izvestia. However, many users are unaware that malicious code snippets or exploits (vulnerabilities) may be embedded in the file during conversion.
— As a result, when opening an already "converted" document on a computer or on a corporate network, embedded malicious functionality is launched, — says the specialist. — At the same time, an additional risk factor is associated with the fact that online services can save uploaded user documents on their servers.
According to Nikita Novikov, this gives attackers access to potentially important and confidential information. The more people who use such dubious services, the higher the likelihood of compromising infrastructure and stealing confidential data.
In turn, Evgeny Egorov, a leading analyst at the Digital Risk Protection department of F6, draws attention to another possible danger: attackers under the guise of conversion services can ask users to log in, for example, via mail or messenger and thus steal accounts. At the same time, the threat may be hidden not in the service itself, but in advertisements on its website — there are cases when advertising banners led to malicious resources.
What schemes with online converters should we expect in 2025
In 2025, we should expect an increase in the number of illegitimate resources that will disguise themselves as existing "white" online conversion services, copying their design and functionality, says Nikita Novikov. The attackers have already seen the effectiveness of this model: users upload documents themselves, unaware of a possible substitution.
"This, in turn, can cause a surge in attacks and at the same time damage the reputation of truly useful and secure platforms," the Izvestia source notes.
Domain forgery schemes have previously been encountered on the Runet — for example, the "Typesquatting" technique, when fraudsters register domains that look almost like official ones, but have slight differences in spelling, adds Mikhail Spitsyn, a cyber expert and analytical engineer at the Gazinformservice Strategic Development Laboratory.
For example, a domain may involve replacing one letter or adding an additional character, which leads to confusion among users. On such fake sites, a number of JS files are already being launched at the moment of entry, which is malicious activity, and downloading anything from such sites is certainly not worth it, the expert notes.
— Fraudsters will continue to improve fake websites and use advertising campaigns to distribute fake converters, — predicts Mikhail Spitsyn. — Users may face more advanced attacks through JavaScript and archives that hide the threat.
In addition, according to the expert, the use of artificial intelligence to create fake website shells, as well as fake reviews and ratings in conjunction with combined phishing methods, will increase.
What are the dangers of online converter fraud schemes?
Fraud schemes related to online converters are aimed at a wide audience: from ordinary users who can accidentally upload an infected file to their home computer, to employees of large companies, says Nikita Novikov.
"An unscrupulous converter service can copy and analyze uploaded files," says the Izvestia source. — Attackers not only infect documents, but also gain access to their contents, which can lead to the leakage or sale of confidential information.
If the malicious software introduced during the conversion process gets into the corporate network, the consequences can be serious: attackers can launch an encryptor or gain access to the internal infrastructure of the organization, Nikita Novikov notes.
Attackers understand that many organizations use converters to work with documents, so the schemes associated with them are aimed at both small and large companies, adds Alexey Kubarev, Director of Information Security at T1 Cloud and T1 Integration.
"The danger lies in the fact that such attacks can not only lead to the leakage of confidential information, but also cause serious financial losses due to the shutdown of business processes, the restoration of systems and possible fines for violations of data protection laws," the specialist emphasizes. — Besides, information leakage can damage the reputation of the company and lead to loss of trust on the part of customers.
How to protect yourself from fraudulent schemes with online converters
It is important not to lose your vigilance and use only popular services, says Alexander Samsonov, a leading expert at the Security Code development and testing department. At the same time, if an online service arouses any suspicions, it is better to try to find a similar one, but more trustworthy.
— You should also carefully look at which file was downloaded, and run only files with the appropriate extensions, — advises the interlocutor of Izvestia. — In case of unusual behavior, for example, if macros are required to open a downloaded document, they should not be allowed to run — it is better to close and delete this file immediately.
To protect the device as a whole, it is also advisable to have an antivirus installed with updatable signature databases, the expert says. If the user has opened a suspicious file, the antivirus can help protect the device from the consequences. However, you should not rely entirely on antiviruses.: they will repel most of the known threats, but they cannot detect all possible malware.
For example, at the first stage, a small loader that does not cause an antivirus reaction can be used as executable code, which downloads the malicious payload from the attackers' servers after execution. It is also not recommended to use online converters for documents with important information, especially for documents from organizations rather than personal documents.
"This is how the user himself puts their privacy at risk, and where they get to depends only on the integrity of the site owners," explains Alexander Samsonov. — Instead, it is better to use the programs installed locally on the device. For example, most office suites, including free ones, for different operating systems support working with different document file formats. And for image conversion, built-in editors are quite suitable.
For mobile devices, it is recommended to use applications from official stores. At the same time, as the expert notes, you should not negatively evaluate absolutely all online conversion services and recommend that users completely abandon their use - developers of such resources do a lot of work on creating software and often offer necessary and useful functionality for free. It's just that users themselves need to remain vigilant and trust only reliable services, concludes Alexander Samsonov.
Переведено сервисом «Яндекс Переводчик»
