The FBI is warning internet users about fake online document converters that are being used to steal personal information and, in some cases, deploy ransomware on victims’ devices.

The warning was issued by the FBI Denver field office after a rise in reports of these scams.

Cybercriminals are creating websites that pretend to offer free file conversion services, such as converting .doc to .pdf or merging multiple files into one. While these tools may appear to work, the FBI says the resulting files can contain hidden malware that allows hackers to gain remote access to infected devices. Additionally, uploaded documents may be scraped for sensitive data, including names, Social Security numbers, cryptocurrency passphrases, and banking details.


The scammers often create websites with URLs that closely resemble legitimate ones, making it easy for users to fall for the trap. FBI spokesperson Vikki Migoya noted that search engine ads can also lead people to these malicious sites, as scammers pay for promoted results that appear trustworthy.

Cybersecurity researchers have confirmed that these fake converter sites can distribute malware. Last week, security expert Will Thomas identified fraudulent sites like docu-flex[.]com and pdfixers[.]com, which distributed Windows executables flagged as malware. Another researcher tracking the Gootloader malware campaign reported that some sites pretend to convert PDFs but instead deliver a JavaScript file designed to install additional malware, including banking trojans, data stealers, and ransomware tools.

READ
Coinbase Was the Primary Target in a Large-Scale GitHub Supply Chain Attack

These types of attacks have led to major ransomware incidents in the past, with cybercriminal groups like REvil and BlackSuit using similar methods to breach corporate networks. While not all file converters are malicious, the FBI urges users to thoroughly research any online tool before using it. If a site is unfamiliar or has few reviews, it’s best to avoid it altogether. Additionally, users should scan downloaded files—especially executables or JavaScript files—to ensure they are safe before opening them.