Fake File Conversion Tools Distribute Malicious File Converter Apps and Backdoor Malware

Fake file converter apps promoted through malicious Google ads are infecting users with remote access trojans, enabling data theft, persistent system access, and highlighting growing risks from deceptive productivity software.

Cybersecurity researchers have raised serious concerns after discovering that fake file converter apps are being used to distribute malware. These apps appear to be typical file conversion tools, such as Word-to-PDF or image converters, but they secretly infect users' devices with remote access trojans (RATs). The threat is more dangerous because victims are frequently unaware that anything is wrong.

According to experts, the attack typically begins with fraudulent Google ads. When people search for common applications like "PDF converter" or "image converter," these ads appear at the top of the results, giving the impression that they are trustworthy and secure. Visitors who click on these ads are redirected through multiple websites before arriving at a fake converter site that offers a download.

These fake websites are designed to look professional. They have download buttons, feature lists, FAQs, and even privacy policies. Some websites do not host the harmful file directly, but instead send users to another page that hosts the infected program. Once launched, the program performs as advertised, converting files normally while silently installing malware in the background.

To appear legitimate, attackers use code signing certificates from fraudulent or short-lived companies. This lets the malware pass basic security checks and look harmless to users and antivirus software. Even if certificates are revoked, attackers quickly switch to new ones and resume their attacks.

After installation, the malware sets up scheduled tasks on the machine to launch hidden updater apps every day. This gives the attackers long-term access to the infected computer. Each victim is given a unique ID, which allows attackers to track systems as they communicate with the attackers' servers.

The completed infection gives the attackers complete control over the device. They can steal data, log keystrokes, take screenshots, explore files, and download other software. All of this occurs silently, without alerting the user.

Security experts say users and organizations should be extra cautious when downloading free tools online. Avoid clicking on sponsored ads for software, download apps only from trusted sources, and monitor systems for unusual scheduled tasks or activity. This campaign highlights how malicious ads, fake productivity apps, and trusted-looking software are being used together to spread malware. Staying alert and following basic cybersecurity practices can help users avoid becoming victims of these growing online threats.
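One way to act on the advice to monitor for unusual scheduled tasks, as an added example that is not from the article or the researchers: it parses exported Windows Task Scheduler XML and flags tasks that run every day from a user-writable path. The path heuristic and all sample task names and paths are assumptions constructed for illustration.

```python
"""Triage exported Windows scheduled-task XML for daily tasks that run binaries
from user-writable locations. Added example; the heuristics are assumptions."""
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Assumed heuristic, not from the article: locations a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\",
                 "%appdata%", "%localappdata%", "%programdata%", "%temp%")

def daily_interval(root):
    """Return DaysInterval of the first daily calendar trigger, or None."""
    node = root.find("t:Triggers/t:CalendarTrigger/t:ScheduleByDay", NS)
    if node is None:
        return None
    return int(node.findtext("t:DaysInterval", default="1", namespaces=NS))

def triage_task(name, xml_data):
    """Return a finding dict for a task worth reviewing, else None.
    xml_data may be str or the raw bytes of an exported task file."""
    root = ET.fromstring(xml_data)
    if daily_interval(root) != 1:
        return None
    for action in root.findall("t:Actions/t:Exec", NS):
        cmd = action.findtext("t:Command", default="", namespaces=NS).strip().strip('"')
        if any(marker in cmd.lower() for marker in USER_WRITABLE):
            args = action.findtext("t:Arguments", default="", namespaces=NS)
            return {"task": name, "command": cmd, "arguments": args,
                    "reason": "daily trigger + binary in user-writable path"}
    return None

def sample_task(schedule_xml, command):
    """Build a minimal task definition (constructed sample, not real telemetry)."""
    return (f'<Task xmlns="{NS["t"]}"><Triggers><CalendarTrigger>'
            f"<StartBoundary>2024-01-01T09:00:00</StartBoundary>{schedule_xml}"
            f"</CalendarTrigger></Triggers><Actions><Exec><Command>{command}"
            f"</Command></Exec></Actions></Task>")

DAILY = "<ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>"
WEEKLY = "<ScheduleByWeek><WeeksInterval>1</WeeksInterval></ScheduleByWeek>"
SAMPLES = {  # constructed names and paths, for illustration only
    "ExampleConverterUpdate": sample_task(DAILY, r"%LOCALAPPDATA%\ExampleConverter\updater.exe"),
    "VendorDailyScan": sample_task(DAILY, r"C:\Program Files\Vendor\scan.exe"),
    "WeeklyCleanup": sample_task(WEEKLY, r"C:\Users\Public\cleanup.exe"),
}

def review_queue(tasks):
    """Return findings for every task that matches the heuristic."""
    return [f for f in (triage_task(n, x) for n, x in tasks.items()) if f]
```

A match is a prompt for review, not a verdict: legitimate per-user updaters also run daily from profile directories, so check the binary's signer and install history before acting.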

Information referenced in this article is from Cyber Security News