Adapted by:
Jose García
WriterTech journalist. Head of new formats at Xataka and TikTok presenter. I specialize in consumer tech and video games.
Alba Mora
WriterAn established tech journalist, I entered the world of consumer tech by chance in 2018. In my writing and translating career, I've also covered a diverse range of topics, including entertainment, travel, science, and the economy.
Many readers will likely be familiar with this situation. You need to convert a PDF file to .doc to edit it in Word. One option is to pay for the Premium version of Adobe Acrobat, which allows for this conversion. However, most people might opt to search for “convert PDF to Word” on Google, access a free online tool, and upload their PDF without taking necessary precautions. Unfortunately, the FBI recently warned that this seemingly innocent action can have serious consequences.
Context. On March 7, the FBI office in Denver issued an official statement indicating that “agents are increasingly seeing a scam involving free online document converter tools.” The modus operandi is relatively straightforward. “Criminals use free online document converter tools to load malware onto victims’ computers, leading to incidents such as ransomware,” the FBI explains.
How do hackers do it? According to the FBI, cybercriminals use free file converter or downloader tools. While officials don’t specify particular names, they note that the attack vector can be websites claiming to convert a PDF to Word or combine several images into a PDF. The path attackers use can also be tools for downloading videos or converting MP4 to MP3 files. You’ve probably used similar tools before.
Infected functionalities. While these tools may function as advertised, there’s no guarantee that the returned file is free from infection. PDFs can contain malware, including JavaScript code designed to exploit vulnerabilities or trigger processes on your PC. An MP3 file can also be infected. Even if it doesn’t infect your device directly, it could exploit vulnerabilities in a media player.
Beyond infected files. These tools can also gather valuable information from your uploads. For instance, if you upload a PDF with your email address and phone number, the owners of the malicious website may use that information for illegitimate purposes. This concern extends to bank details, passwords, and personal photos, among other sensitive data.
Caution. While not all online tools are malicious, verifying a website’s privacy policy should clearly outline how its owners handle your files is wise. Experts also advise only to trust sites that include contact information. Recognizable and reputable sites are generally more trustworthy. If you’re in doubt, consider using an antivirus to scan any files generated by the online file converter.
Image | Mika Baumeister
Related | If You Use Wired Headphones, You’re at Risk: They’re the Ideal Prey for Hackers
Log in to leave a comment